Add Code Checks (#1038)
- Component governance on all builds
- Static code analysis on a separate Windows job
Родитель
215b513cb9
Коммит
288959ed6b
|
@ -576,3 +576,76 @@ stages:
|
|||
inputs:
|
||||
artifactName: samples
|
||||
pathToPublish: 'output'
|
||||
|
||||
- ${{ if eq(variables['System.TeamProject'], 'devdiv') }}:
|
||||
- stage: checks
|
||||
displayName: Run Code Checks
|
||||
dependsOn: prepare
|
||||
jobs:
|
||||
- template: azure-templates-bootstrapper.yml # Run Code Checks
|
||||
parameters:
|
||||
name: native_checks_windows
|
||||
displayName: Run Code Checks
|
||||
# condition: and(always(), eq('refs/heads/master', variables['Build.SourceBranch']))
|
||||
vmImage: $(VM_IMAGE_WINDOWS)
|
||||
target: externals-init
|
||||
shouldPublish: false
|
||||
postBuildSteps:
|
||||
- task: CredScan@2
|
||||
displayName: Analyze source for credentials
|
||||
condition: always()
|
||||
inputs:
|
||||
toolMajorVersion: 'V2'
|
||||
- task: PoliCheck@1
|
||||
displayName: Run PoliCheck
|
||||
condition: always()
|
||||
inputs:
|
||||
inputType: 'Basic'
|
||||
targetType: 'F'
|
||||
- task: SdtReport@1
|
||||
displayName: Create security analysis report
|
||||
condition: always()
|
||||
inputs:
|
||||
AllTools: false
|
||||
APIScan: false
|
||||
BinSkim: false
|
||||
CodesignValidation: false
|
||||
CredScan: true
|
||||
FortifySCA: false
|
||||
FxCop: false
|
||||
ModernCop: false
|
||||
MSRD: false
|
||||
PoliCheck: true
|
||||
RoslynAnalyzers: false
|
||||
SDLNativeRules: false
|
||||
Semmle: false
|
||||
TSLint: false
|
||||
ToolLogsNotFoundAction: 'Standard'
|
||||
- task: PublishSecurityAnalysisLogs@3
|
||||
displayName: Publish security analysis logs
|
||||
condition: always()
|
||||
- task: TSAUpload@1
|
||||
displayName: Publish TSA logs
|
||||
condition: always()
|
||||
inputs:
|
||||
tsaVersion: 'TsaV2'
|
||||
codebase: 'NewOrUpdate'
|
||||
tsaEnvironment: 'PROD'
|
||||
codeBaseName: 'SkiaSharp_master'
|
||||
notificationAlias: 'xamacomd@microsoft.com'
|
||||
notifyAlwaysV2: false
|
||||
instanceUrlForTsaV2: 'DEVDIV'
|
||||
projectNameDEVDIV: 'DevDiv'
|
||||
areaPath: 'DevDiv\Xamarin Tools and SDKs\Components'
|
||||
iterationPath: 'DevDiv\OneVS'
|
||||
uploadAPIScan: false
|
||||
uploadBinSkim: false
|
||||
uploadCredScan: true
|
||||
uploadFortifySCA: false
|
||||
uploadFxCop: false
|
||||
uploadModernCop: false
|
||||
uploadPoliCheck: true
|
||||
uploadPREfast: false
|
||||
uploadRoslyn: false
|
||||
uploadTSLint: false
|
||||
uploadAsync: true
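Review bot: The `TSAUpload@1` step runs with `condition: always()` on every branch that reaches the `checks` stage, yet it files results under `codeBaseName: 'SkiaSharp_master'` with `tsaEnvironment: 'PROD'`, so CredScan and PoliCheck findings from feature or release branches would be tracked as if they were in master. The commented-out `# condition: and(always(), eq('refs/heads/master', variables['Build.SourceBranch']))` on the job suggests a master-only run was intended. Either restore it on the upload step, e.g. `condition: and(always(), eq(variables['Build.SourceBranch'], 'refs/heads/master'))`, or delete the dead comment and state why every branch uploads. As far as this hunk shows, nothing fails the build when CredScan reports a finding, so a committed credential is visible only to whoever watches the TSA work items; a one-line comment saying whether that is deliberate would help.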
|
||||
|
|
|
@ -135,3 +135,11 @@ jobs:
|
|||
inputs:
|
||||
artifactName: ${{ parameters.name }}
|
||||
pathToPublish: 'output'
|
||||
- ${{ if eq(variables['System.TeamProject'], 'devdiv') }}:
|
||||
- task: ComponentGovernanceComponentDetection@0
|
||||
displayName: Run component detection
|
||||
condition: always()
|
||||
inputs:
|
||||
scanType: 'Register'
|
||||
verbosity: 'Verbose'
|
||||
alertWarningLevel: 'High'
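Review bot: The `ComponentGovernanceComponentDetection@0` step sets `alertWarningLevel: 'High'` but no `failOnAlert`, so as far as the visible inputs show, a dependency with a known high-severity vulnerability only produces a warning and the job still passes; consider adding `failOnAlert: true` once the existing alerts are triaged. `condition: always()` also runs detection after a cancelled build, where the restore may be incomplete and the registered component list partial; `condition: succeededOrFailed()` would skip cancelled runs. A comment above the `${{ if eq(variables['System.TeamProject'], 'devdiv') }}:` line saying why public builds skip this step (presumably the task exists only in the internal project) would save the next reader a lookup. The template's step list begins outside this hunk.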
|
||||
|
|