forked from IGDEXE/Verademo
-
Notifications
You must be signed in to change notification settings - Fork 1
/
azure-pipelines.yml
102 lines (94 loc) · 2.95 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# Para testar, recomendo a utilização do projeto NodeGoat
# Disponivel em: https://github.com/IGDEXE/NodeGoat
trigger:
- master
pool:
vmImage: ubuntu-latest
variables:
veracodeAppProfile: AzDevOps.$(Build.DefinitionName)
caminhoPacote: $(System.ArtifactsDirectory)/drop/verademo.war
stages:
- stage: Build
displayName: Build
jobs:
- job: Build
steps:
- task: Maven@3
inputs:
mavenPomFile: 'pom.xml'
mavenOptions: '-Xmx3072m'
javaHomeOption: 'JDKVersion'
jdkVersionOption: '1.8'
jdkArchitectureOption: 'x64'
publishJUnitResults: true
testResultsFiles: '**/surefire-reports/TEST-*.xml'
goals: 'package'
- task: PublishBuildArtifacts@1
inputs:
PathtoPublish: 'target/verademo.war'
ArtifactName: 'drop'
publishLocation: 'Container'
- stage: SCA
displayName: SCA
dependsOn:
jobs:
- job: SCA
displayName: 'Veracode SCA'
steps:
- task: CmdLine@2
inputs:
script: |
curl -sSL https://download.sourceclear.com/ci.sh | bash -s – scan --update-advisor --allow-dirty
displayName: 'Resultados SCA'
continueOnError: true
- stage: SAST
displayName: U&S and Pipeline Scan
dependsOn: Build
jobs:
- job: PipelineScan
displayName: 'Veracode PipelineScan'
steps:
- task: DownloadBuildArtifacts@1
inputs:
buildType: 'current'
downloadType: 'single'
artifactName: 'drop'
downloadPath: '$(System.ArtifactsDirectory)'
displayName: 'Carregando arquivos'
- script: |
curl -O -L https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
displayName: 'Download Pipeline Scanner'
- task: ExtractFiles@1
inputs:
archiveFilePatterns: 'pipeline-scan-LATEST.zip'
destinationFolder: '$(Build.ArtifactStagingDirectory)'
cleanDestinationFolder: false
- script: |
java -jar $(Build.ArtifactStagingDirectory)/pipeline-scan.jar -vid $(VeracodeID) -vkey $(VeracodeKey) --file '$(caminhoPacote)' --issue_details true
displayName: 'Veracode PipelineScan'
continueOnError: true
- job: Wrapper
displayName: 'Veracode U&S'
steps:
- task: DownloadBuildArtifacts@1
inputs:
buildType: 'current'
downloadType: 'single'
artifactName: 'drop'
downloadPath: '$(System.ArtifactsDirectory)'
displayName: 'Carregando arquivos'
- task: Veracode@3
inputs:
ConnectionDetailsSelection: 'Credentials'
apiId: '$(VeracodeID)'
apiKey: '$(VeracodeKey)'
veracodeAppProfile: '$(veracodeAppProfile)'
version: '$(build.buildNumber)'
filepath: '$(caminhoPacote)'
createSandBox: false
createProfile: true
failTheBuildIfVeracodeScanDidNotInitiate: false
scanStatusCheckInterval: '60'
importResults: false
failBuildOnPolicyFail: false
displayName: 'Veracode U&S'