
Move to Node10, automate build & installation, add SARIF reports #93

Closed
wants to merge 40 commits into from

Conversation

JoostVoskuil

@JoostVoskuil JoostVoskuil commented Dec 11, 2021

  • Automated the build process:
    • Create a public Azure DevOps project
    • Authorize Azure DevOps project to use this git repository
    • Update azure-pipelines.yml and set variable 'shareWith'. This is the Azure DevOps organisation to run your tests installations from
    • To make this work, the extension version is bumped to version 6.1
    • No need anymore to update both extension version and task version manually for patch versions
    • Removed manual build steps
  • Remove unused dependencies (package.json)
  • Removed unused typescript files
  • Bumped dependency versions of package.json
  • Update to node10 handler (Switch to Node10 Execution Handler #91)
  • tsconfig.json target from es6 to es2020
    • Made changes to dependency-check-build-task.ts to support this (removed undefined '?' for variables)
  • Migrated file upload old vso console.out to tasklib upload method
  • Dependency-Check option format also supports SARIF reports. This change will provide the option to tell dependency-check to generate the report also in SARIF.
    • If we want nice reports in Azure DevOps with the SARIF SAST Scans Tab extension, the SARIF file must be uploaded to the 'CodeAnalysisLogs' artifact hence it is uploaded twice

@JoostVoskuil JoostVoskuil requested a review from a team as a code owner December 11, 2021 18:06
@JoostVoskuil JoostVoskuil changed the title Add option to produce SARIF reports Move to Node10, automate build & installation, add SARIF reports Dec 12, 2021
Collaborator

@ejohn20 ejohn20 left a comment


The material changes

@@ -0,0 +1,128 @@
name: '6.1$(rev:.r)'
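Review bot: the `6.1` major.minor prefix in `name: '6.1$(rev:.r)'` is hard-coded into the build-number expression, and since the PR description says patch versions of the extension and task are now derived from this build name, consider moving the prefix into a pipeline variable (for example `name: '$(majorMinor)$(rev:.r)'`) so that the next version bump is a one-line variable change rather than an edit to the name expression. A short comment in the file that `$(rev:.r)` restarts from 1 whenever the rest of the name changes would also save the next maintainer a surprise when they bump the prefix.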
Collaborator


I'm not opposed to switching away from the classic pipelines, however I might need to work through this configuration with you all to make sure I understand how the dev -> prod workflow will work.

Author


It is quite easy. If you want we can have a zoom call and discuss this ;)

Collaborator

@ejohn20 ejohn20 Dec 12, 2021


@JoostVoskuil That would be helpful. I'm going to be tied up this week for the most part at a conference, would you be available the next week (12/20) to review?

Author


Hi @ejohn20 I have sent you an email ;)

@ejohn20 ejohn20 changed the base branch from main to develop December 12, 2021 16:40