This repository has been archived by the owner on Sep 4, 2024. It is now read-only.
compliance.yaml
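# Compliance pipeline: a CodeQL-instrumented build job plus a static-analysis
# job (CredScan, PoliCheck, TSA upload). Nesting restored from the flattened listing.
resources:
  repositories:
  - repository: self
    checkoutOptions:
      # The implicit checkout does not fetch submodules; the Analysis job
      # fetches them itself in an explicit step.
      submodules: false

# No PR trigger and no CI trigger are declared, so pushes and pull requests do
# not start this pipeline. Code from a PR therefore never runs here on its own.
# NOTE(review): a schedule or manual queue is presumably configured outside
# this file; confirm who is allowed to queue it.
pr: none
trigger: none

jobs: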
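# Build job: compiles the solution between the CodeQL init/finalize tasks.
- job: Build
  timeoutInMinutes: 360
  pool:
    # Floating image label: the toolchain changes whenever the hosted image is
    # updated. NOTE(review): pin a specific image if reproducible scans matter.
    vmImage: 'macos-latest'
  variables:
  - name: BuildConfiguration
    value: Debug
  - name: TeamName
    value: Mono.Addins
  - name: Codeql.Language
    value: csharp
  - name: Codeql.Enabled
    value: true
  # Results are forwarded to TSA using the options file named below.
  - name: Codeql.TSAEnabled
    value: true
  - name: Codeql.TSAOptionsPath
    value: '$(Build.SourcesDirectory)/.config/tsaoptions.json'
  # Auto-injection is off, so the explicit CodeQL3000Init/Finalize steps below
  # are the only thing that turns the scan on; removing them silently drops it.
  - name: Codeql.SkipTaskAutoInjection
    value: true
  # Verbose diagnostic logging for every step. Secret variables are masked, but
  # debug logs still expose far more environment and command detail.
  # NOTE(review): switch off once the pipeline is stable.
  - name: System.Debug
    value: true
  steps:
  # .NET Core 3.1 reached end of support in December 2022, so this SDK no
  # longer receives security fixes. NOTE(review): confirm it is still required.
  - task: UseDotNet@2
    displayName: 'Install .NET 3.1'
    inputs:
      packageType: 'sdk'
      version: '3.1.413'
  # Exact SDK pin: reproducible, but it does not pick up later 6.0.x servicing
  # releases. NOTE(review): bump deliberately rather than leave it at 6.0.100.
  - task: UseDotNet@2
    displayName: 'Install .NET 6'
    inputs:
      packageType: 'sdk'
      version: '6.0.100'
  # Presumably starts CodeQL tracing; it must come before the build it observes.
  - task: CodeQL3000Init@0
  # No 'projects' input is given, so the build target is whatever the task
  # resolves in its working directory (per displayName, Mono.Addins.sln).
  - task: DotNetCoreCLI@2
    displayName: 'Build solution Mono.Addins.sln'
    inputs:
      command: build
      arguments: '/p:Configuration=$(BuildConfiguration)'
  # Presumably ends tracing and produces/uploads the CodeQL results.
  - task: CodeQL3000Finalize@0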
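# Analysis job: credential and policy scans, report, TSA upload, log publish.
# It declares no dependsOn, so it does not wait for the Build job.
- job: Analysis_Job
  displayName: Analysis
  pool: VSEngStaticAnalysis-Test
  timeoutInMinutes: 300
  variables:
  - name: DOTNET_ROOT
    value: /root/.dotnet
  steps:
  # No versionSpec is set, so the task default applies (the display name says
  # 6.x). Node 6 is end-of-life. NOTE(review): confirm which tool still needs
  # it and move to a supported release.
  - task: NodeTool@0
    displayName: 'Use Node 6.x'
  - task: PowerShell@2
    displayName: Checkout Submodules
    inputs:
      targetType: 'inline'
      script: |
        # Enlist into all of the submodules
        git submodule update --init --recursive
    env:
      # Exposes the job access token to every process this step starts. The
      # inline script never references it. NOTE(review): confirm git actually
      # needs it here; otherwise drop the mapping (least privilege). The
      # recursive update fetches whatever URLs .gitmodules names.
      SYSTEM_ACCESSTOKEN: $(System.AccessToken)
  # A CredScan failure fails the job: continueOnError is explicitly false.
  - task: CredScan@3
    displayName: Run CredScan
    continueOnError: false
    inputs:
      outputFormat: pre
  # targetType 'F' presumably selects folder scanning; confirm in the task docs.
  - task: PoliCheck@2
    inputs:
      inputType: 'Basic'
      targetType: 'F'
      targetArgument: '$(Build.SourcesDirectory)'
      result: 'PoliCheck.xml'
  # Only the CredScan and PoliCheck results are exported into the report.
  - task: SdtReport@2
    displayName: 'Create security analysis report'
    inputs:
      GdnExportAllTools: false
      GdnExportGdnToolCredScan: true
      GdnExportGdnToolPoliCheck: true
  - task: TSAUpload@2
    displayName: Upload Results to TSA
    inputs:
      GdnPublishTsaOnboard: true
      GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)/.config/tsaoptions.json'
  # GdnBreakAllTools asks the step to break on findings from any tool, but
  # continueOnError: true downgrades that break: the job carries on and ends
  # "succeeded with issues" rather than failed. As written this reports
  # findings; it does not gate on them.
  # NOTE(review): if findings should block, remove continueOnError here and
  # give the publish step below 'condition: succeededOrFailed()' so the logs
  # are still uploaded.
  - task: PostAnalysis@2
    displayName: Run Security Post Analysis
    inputs:
      GdnBreakAllTools: true
    continueOnError: true
    # Runs even when an earlier step failed (but not when the run is cancelled).
    condition: succeededOrFailed()
  # No condition is set, so this runs only if no earlier step failed outright.
  # A hard CredScan failure therefore skips the log upload. The artifact holds
  # scanner output for all tools. NOTE(review): findings can point at where
  # secrets live, so restrict who can download it.
  - task: PublishSecurityAnalysisLogs@3
    displayName: Publish Code Analysis Logs
    inputs:
      ArtifactName: CodeAnalysisLogs
      ArtifactType: Container
      PublishProcessedResults: true
      AllTools: true
      ToolLogsNotFoundAction: Standard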