forked from IGDEXE/NodeGoat-JS
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Veracode-Sonar.yml
74 lines (70 loc) · 2.14 KB
/
Veracode-Sonar.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
pool:
vmImage: ubuntu-latest
variables:
- group: Veracode
stages:
- stage: Sonar
displayName: SonarQube
dependsOn:
jobs:
- job: Check
steps:
- task: SonarQubePrepare@5
inputs:
SonarQube: 'SonarSD'
scannerMode: 'CLI'
configMode: 'manual'
cliProjectKey: 'igd7530753_NodeGoat'
cliSources: '.'
displayName: 'Prepare Analysis Configuration'
- task: Npm@1
inputs:
command: 'install'
displayName: 'NPM Install'
- script: |
FILTERED_PARAMS=$(echo $SONARQUBE_SCANNER_PARAMS | sed 's/"sonar.branch.name":"[^"]*"\,//g')
echo "##vso[task.setvariable variable=SONARQUBE_SCANNER_PARAMS]$FILTERED_PARAMS"
displayName: Workaround sonar.branch.name
- task: SonarQubeAnalyze@5
displayName: 'Run Analysis'
- task: SonarQubePublish@5
inputs:
pollingTimeoutSec: '300'
displayName: 'Publish Gate'
- stage: SAST
displayName: Veracode - SAST
dependsOn:
jobs:
- job: Check
steps:
- task: ArchiveFiles@2
inputs:
rootFolderOrFile: '$(Agent.BuildDirectory)'
includeRootFolder: true
archiveType: 'zip'
archiveFile: '$(caminhoPacote)'
replaceExistingArchive: true
displayName: 'Criando pacote para analise'
- script: |
curl -O -L https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
displayName: 'Download Pipeline Scanner'
- task: ExtractFiles@1
inputs:
archiveFilePatterns: 'pipeline-scan-LATEST.zip'
destinationFolder: '$(Build.ArtifactStagingDirectory)'
cleanDestinationFolder: false
displayName: 'Extraindo ferramenta'
- script: |
java -jar $(Build.ArtifactStagingDirectory)/pipeline-scan.jar -vid $(APIID) -vkey $(APIKEY) --file '$(caminhoPacote)' --issue_details true
displayName: 'Veracode PipelineScan'
- stage: SCA
displayName: Veracode - SCA
dependsOn:
jobs:
- job: Check
steps:
- task: CmdLine@2
inputs:
script: |
curl -sSL https://download.sourceclear.com/ci.sh | bash -s – scan --update-advisor --allow-dirty
displayName: 'SCA - Agent Based'