Skip to content

Commit

Permalink
[ci] Use managed identity for API Scan (#1207)
Browse files Browse the repository at this point in the history
I've configured a new [managed identity][0] (MSI) for API Scan, which
allows us to enable a more modern authentication approach when
running API Scan on the `MAUI-1ESPT` agent pool.

A new `$(ApiScanMAUI1ESPTManagedId)` variable has been configured in
the pipeline settings to pass the app ID for this MSI to the
API Scan task.

[0]: https://ms.portal.azure.com/#@microsoft.onmicrosoft.com/resource/subscriptions/cd4829e2-e38b-43d2-8316-2f2009f36f97/resourcegroups/1esobjects/providers/microsoft.managedidentity/userassignedidentities/maui1esptapiscanidentity/overview
  • Loading branch information
pjcollins authored Mar 26, 2024
1 parent 651de42 commit e1c7832
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions build-tools/automation/azure-pipelines.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -99,8 +99,8 @@ jobs:
dependsOn: windows_dotnet_build
condition: and(eq(dependencies.windows_dotnet_build.result, 'Succeeded'), eq(variables['Build.SourceBranch'], '${{ parameters.ApiScanSourceBranch }}'))
pool:
name: Azure Pipelines
vmImage: windows-2022
name: MAUI-1ESPT
demands: ImageOverride -equals 1ESPT-Windows2022
timeoutInMinutes: 480
workspace:
clean: all
Expand Down Expand Up @@ -135,7 +135,7 @@ jobs:
isLargeApp: true
toolVersion: Latest
env:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanMAUI1ESPTManagedId)

- task: SdtReport@2
displayName: Guardian Export - Security Report
Expand Down

0 comments on commit e1c7832

Please sign in to comment.