Sync eng/common directory with azure-sdk-tools for PR 2686 (#20255)

* Add common template for credscan step * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Ben Broderick Phillips <ben@benbp.net> * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Ben Broderick Phillips <ben@benbp.net> * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Ben Broderick Phillips <ben@benbp.net> * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Ben Broderick Phillips <ben@benbp.net> * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Ben Broderick Phillips <ben@benbp.net> * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Ben Broderick Phillips <ben@benbp.net> * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Ben Broderick Phillips <ben@benbp.net> * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Ben Broderick Phillips <ben@benbp.net> * Added the source directory parameter * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com> * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com> * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com> * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com> * Update credscan.yml * Update eng/common/pipelines/templates/steps/credscan.yml Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com> Co-authored-by: sima-zhu <sizhu@microsoft.com> Co-authored-by: Sima Zhu <48036328+sima-zhu@users.noreply.github.com> Co-authored-by: Ben Broderick Phillips <ben@benbp.net> Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com>
Azure · Feb 8, 2022 · 3b01392 · 3b01392
1 parent 9bb61a1
commit 3b01392
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/eng/common/pipelines/templates/steps/credscan.yml b/eng/common/pipelines/templates/steps/credscan.yml
@@ -0,0 +1,40 @@
+parameters:
+  SuppressionFilePath: 'eng/CredScanSuppression.json'
+  BaselineFilePath: ''
+  SourceDirectory: $(Build.SourcesDirectory)
+  ServiceDirectory: ''
+
+steps:
+- pwsh: |
+    if ("$(Build.Reason)" -eq 'PullRequest') {
+      (git diff "origin/$(System.PullRequest.TargetBranch)" HEAD --name-only)
+      | ForEach-Object { Add-Content -Path "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$_"}
+    }
+    else {
+      Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/sdk/${{ parameters.ServiceDirectory }}"
+    }
+    Get-Content "${{ parameters.SourceDirectory }}/credscan.tsv"
+  displayName: CredScan setup
+- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
+  displayName: CredScan running
+  inputs:
+    toolMajorVersion: V2
+    toolVersion: latest
+    scanFolder: "${{ parameters.SourceDirectory }}/credscan.tsv"
+    suppressionsFile: ${{ parameters.SuppressionFilePath }}
+- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
+  displayName: CredScan result analysis
+  inputs:
+    GdnBreakBaselineFiles: ${{ parameters.BaselineFilePath }}
+    GdnBreakAllTools: false
+    GdnBreakGdnToolCredScan: true
+    GdnBreakGdnToolCredScanSeverity: Error
+    GdnBreakBaselines: baseline
+    # Used for generating baseline file.
+    # GdnBreakOutputBaselineFile: dotnet
+    # GdnBreakOutputBaseline: baseline
+  condition: succeededOrFailed()
+- pwsh: |
+    Write-Host "Please check https://aka.ms/azsdk/credscan for more information about the cred scan failure."
+  displayName: CredScan troubleshooting guide
+  condition: failed()