Security analysis on both CI and Dist pipelines
gingi committed Feb 9, 2022
1 parent 9f1a3c9 commit a906e63
Showing 4 changed files with 27 additions and 21 deletions.
23 changes: 2 additions & 21 deletions .vsts/win/ci.yml
@@ -1,12 +1,5 @@
steps:
# Static analysis before build
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
displayName: "Run CredScan"
inputs:
suppressionsFile: test/cred-scan-exclude.json
toolMajorVersion: V2
debugMode: false

- template: ./credscan.yml
- template: ./win-dependencies.yml

- powershell: npm run build-and-pack
@@ -20,19 +13,7 @@ steps:
npm run spectron
displayName: Running spectron
- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
displayName: "AntiMalware Scanner"
inputs:
EnableServices: true

- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
displayName: "Publish Security Analysis Logs"

- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
displayName: "Post Analysis"
inputs:
CredScan: true

- template: ./security-analysis.yml

- template: ../common/publish-artifacts.yml
parameters:
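--- a/.vsts/win/credscan.yml
+++ b/.vsts/win/credscan.yml
@@ -0,0 +1,9 @@
+steps:
+# Static analysis before build
+- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
+displayName: "Run CredScan"
+inputs:
+suppressionsFile: test/cred-scan-exclude.json
+toolMajorVersion: V2
+debugMode: false
+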
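Review bot: The `suppressionsFile: test/cred-scan-exclude.json` entry now applies to every pipeline that includes this template, which after this commit covers the distribution build as well as CI. A suppression list kept under `test/` reads as test-only, so an entry added to quiet a fixture would also hide a real finding in a release build. I would state that above the task, e.g. `# Suppressions apply to CI and Dist; keep entries scoped to specific files and review changes to test/cred-scan-exclude.json.` The contents of the suppression file are not visible here, so whether any existing entry is too broad needs checking separately.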
3 changes: 3 additions & 0 deletions .vsts/win/distribution.yml
@@ -1,4 +1,5 @@
steps:
- template: ./credscan.yml
- template: ./win-dependencies.yml
- powershell: ./scripts/azpipelines/update-build-name.ps1
displayName: Resolve version
@@ -10,6 +11,8 @@ steps:
exec { npm run package win-exe }
displayName: Build executable
- template: ./security-analysis.yml

- template: ./sign.yml
parameters:
name: "Sign executable and dll"
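Review bot: The `- template: ./security-analysis.yml` include passes no scan location, and the AntiMalware step in that template sets only `EnableServices: true`, so the task scans whatever its default directory is rather than a path tied to the output of `npm run package win-exe`. Since this is the last check before `./sign.yml`, confirm that the default covers the freshly built executable and DLLs. If it does not, set the scan directory explicitly in the template (the task's `FileDirPath` input, if I have the name right) or expose it as a template parameter. The rest of this file is collapsed on the page, so steps that produce further binaries after signing, if any, are not visible here.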
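--- a/.vsts/win/security-analysis.yml
+++ b/.vsts/win/security-analysis.yml
@@ -0,0 +1,13 @@
+steps:
+- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
+displayName: "AntiMalware Scanner"
+inputs:
+EnableServices: true
+
+- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
+displayName: "Publish Security Analysis Logs"
+
+- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
+displayName: "Post Analysis"
+inputs:
+CredScan: true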
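Review bot: Post Analysis at the end of this template gates only on `CredScan: true`, so whether a malware detection breaks the build depends entirely on the AntiMalware task failing its own step; that is worth confirming now that the Dist pipeline signs right after this template. The template also has an ordering requirement that nothing in the file records: it has to run after the binaries exist and before signing or publishing. A header comment would capture both, e.g. `# Include after build outputs exist and before sign/publish; Post Analysis breaks the build on CredScan findings only.`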
