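# Source: github.com/microsoft/moc@v0.17.1/.pipelines/static.yaml
#
# Static-analysis job. It installs an SSH key, points git at SSH remotes,
# runs the scanner tasks (Code Inspector, CredScan, PoliCheck, GoSec,
# CodeQL/Semmle), exports and publishes their results, and ends with a
# PostAnalysis step that is configured to fail the job.
jobs:
  - job: StaticAnalysis

    pool:
      vmImage: 'windows-latest'

    variables:
      # KNOWN_HOST and SSH_PUBLIC_KEY are not defined in this file; presumably
      # they come from this variable group -- confirm.
      - group: moc-build
      - name: GO111MODULE
        value: 'on'
      # Quoted like GO111MODULE above: pipeline variables are strings, and an
      # unquoted true is read as a boolean by generic YAML tooling.
      - name: LGTM.UploadSnapshot
        value: 'true'

    steps:
      # The private key is taken from the secure-file library rather than the
      # repository; knownHostsEntry supplies the host key entry for the agent.
      - task: InstallSSHKey@0
        inputs:
          knownHostsEntry: '$(KNOWN_HOST)'
          sshPublicKey: '$(SSH_PUBLIC_KEY)'
          sshKeySecureFile: 'azure-pipelines-ssh-key-new'
      # Rewrites HTTPS remotes for github.com and msazure.visualstudio.com to
      # SSH so git authenticates with the key installed above. --global makes
      # the rewrite apply to every later git call in this job.
      - script: |
          git config --global url.ssh://git@github.com/.insteadOf https://github.com/
          git config --global url."msazure@vs-ssh.visualstudio.com:v3".insteadOf https://msazure.visualstudio.com
        displayName: 'Set up the Go workspace'

      # NOTE(review): Node.js 14 is past end-of-life; confirm which task still
      # needs it and move to a supported release line.
      - task: NodeTool@0
        inputs:
          versionSpec: '14.x'

      # Scanner steps all set continueOnError: true, so a scanner that errors
      # out does not stop the job and the remaining scanners still run.
      # NOTE(review): a scanner that fails to run also reports no findings;
      # confirm that a missing tool result is noticed and not read as clean.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-codeinspector.CodeInspector@2
        displayName: 'Run Code Inspector'
        inputs:
          ProductId: 0
        continueOnError: true

      - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
        displayName: Credential Scan
        inputs:
          outputFormat: pre
          batchSize: 20
          debugMode: false
        continueOnError: true

      - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@2
        displayName: 'Run PoliCheck'
        inputs:
          targetType: F
          result: PoliCheck.xml
          optionsFC: 0
          optionsXS: 0
          optionsHMENABLE: 0
        continueOnError: true

      - task: securedevelopmentteam.vss-secure-development-tools.build-task-gosec.GoSec@1
        displayName: 'Run GoSec'
        inputs:
          targetPattern: guardianGlob
        continueOnError: true

      # SYSTEM_ACCESSTOKEN hands the job's access token to this task only.
      # Keep the build identity's permissions limited to what the task needs.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-semmle.Semmle@1
        env:
          SYSTEM_ACCESSTOKEN: $(System.AccessToken)
        displayName: 'Run CodeQL (Semmle)'
        inputs:
          language: 'go'
          buildCommandsString: 'make all'
        continueOnError: true
        condition: succeededOrFailed()

      # Exports the combined results; every per-tool threshold is Warning.
      # NOTE(review): the baseline and suppression names below look like
      # template defaults -- confirm they match files the team maintains.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@2
        displayName: 'Create Security Analysis Report'
        inputs:
          GdnExportTsvFile: true
          GdnExportHtmlFile: true
          GdnExportOutputBaselineFile: myBaseline
          GdnExportOutputBaseline: myBaselinedResults
          GdnExportOutputSuppressionFile: mySuppressions
          GdnExportOutputSuppressionSet: mySuppressionSet
          GdnExportPolicyMinSev: Warning
          GdnExportGdnToolApiScanSeverity: Warning
          GdnExportGdnToolArmorySeverity: Warning
          GdnExportGdnToolBanditSeverity: Warning
          GdnExportGdnToolBinSkimSeverity: Warning
          GdnExportGdnToolCodesignValidationSeverity: Warning
          GdnExportGdnToolCredScanSeverity: Warning
          GdnExportGdnToolESLintSeverity: Warning
          GdnExportGdnToolFlawfinderSeverity: Warning
          GdnExportGdnToolFortifyScaSeverity: Warning
          GdnExportGdnToolFxCopSeverity: Warning
          GdnExportGdnToolGosecSeverity: Warning
          GdnExportGdnToolModernCopSeverity: Warning
          GdnExportGdnToolPoliCheckSeverity: Warning
          GdnExportGdnToolRoslynAnalyzersSeverity: Warning
          GdnExportGdnToolSDLNativeRulesSeverity: Warning
          GdnExportGdnToolSemmleSeverity: Warning
          GdnExportGdnToolSpotBugsSeverity: Warning
          GdnExportGdnToolTSLintSeverity: Warning
        continueOnError: true
        condition: succeededOrFailed()

      - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
        displayName: 'Publish Security Analysis Logs'
        continueOnError: true
        condition: succeededOrFailed()

      # NOTE(review): the display name refers to a codebase named TSATest_1ES;
      # confirm the .gdntsa config targets the intended codebase. This step
      # has no condition, so it is skipped once the job is in a failed state.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@2
        displayName: 'TSA upload to Codebase: TSATest_1ES Stamp: TSA'
        inputs:
          GdnPublishTsaOnboard: true
          GdnPublishTsaConfigFile: '$(Build.sourcesDirectory)\.gdn\.gdntsa'
        continueOnError: true

      # The gate: the only scanner-related step with continueOnError: false.
      # It runs even after an earlier failure (succeededOrFailed) and uses
      # Warning as its minimum break severity.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
        displayName: 'Post Analysis'
        inputs:
          GdnBreakPolicyMinSev: Warning
        continueOnError: false
        condition: succeededOrFailed()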