# Template parameters. The enclosing `parameters:` key is not visible in this listing.
# All of these are consumed through template expressions further down, i.e. their values are
# substituted into the pipeline definition before any step runs. Whoever can set them
# controls what the SDL steps execute, so callers should pass fixed literals only.

# Guardian CLI version handed to Install-Gdn -Version; empty selects the non-pinned install step.
overrideGuardianVersion: ''
# Command text used verbatim as the start of the `powershell:` inline script of Execute SDL.
executeAllSdlToolsScript: ''
# When non-empty, appended after the script and replaces the template's own argument list.
overrideParameters: ''
# Extra arguments appended after the template's own arguments (non-overridden branch only).
additionalParameters: ''
# Compared against the string 'false' below; any other value enables the publish steps.
publishGuardianDirectoryToPipeline: false
# Forwarded to `continueOnError` of the Execute SDL step.
# NOTE(review): when true, a failing SDL run no longer fails the job — make sure the
# published results are reviewed some other way.
sdlContinueOnError: false
# Forwarded to `condition` of the Execute SDL step.
# NOTE(review): how an empty condition is treated is not shown here — confirm.
condition: ''
# Authenticates NuGet for the rest of the job. No inputs are visible in this listing, so
# which feeds or service connections it covers cannot be told from here.
# NOTE(review): the credentials this task configures remain available to later steps in the
# same job, including the caller-supplied SDL script — review that script with the same care
# as this template.
- task: NuGetAuthenticate@1
# Puts NuGet.exe on the agent for the SDL tooling.
# NOTE(review): no version input is visible in this listing, so the NuGet.exe version is
# whatever the task selects by default; set `versionSpec` if a pinned tool version is required.
- task: NuGetToolInstaller@1
displayName: 'Install NuGet.exe'
# Install the Guardian CLI at the caller-specified version (only when one was given).
# The script dot-sources sdl.ps1 from eng\common\sdl, calls Install-Gdn with -Version, and
# publishes the returned path as the pipeline variable GuardianCliLocation through the
# task.setvariable logging command so the Execute SDL step can read it.
# NOTE(review): parameters.overrideGuardianVersion is substituted into the script text at
# template expansion, before PowerShell parses it, so its value becomes part of the script.
# Callers should pass only a fixed version literal; passing it through `env:` and reading
# it from $env: inside the script would keep the value out of the script source.
- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
  - pwsh: |
      Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
      . .\sdl.ps1
      $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
      Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
    displayName: Install Guardian (Overridden)
# Install the Guardian CLI without a version override (the default path).
# Same flow as the overridden variant: dot-source sdl.ps1, call Install-Gdn, and expose the
# returned path as the pipeline variable GuardianCliLocation for the Execute SDL step.
# NOTE(review): no -Version is passed here, so the installed version is whatever Install-Gdn
# chooses on its own; that function is defined outside this listing — confirm it pins one.
- ${{ if eq(parameters.overrideGuardianVersion, '') }}:
  - pwsh: |
      Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
      . .\sdl.ps1
      $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts
      Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
    displayName: Install Guardian
# Run the SDL tools with a caller-supplied argument list.
# The entire inline script is built from two parameters: the script command followed by
# overrideParameters. In this branch the template adds no arguments of its own, so
# -GuardianCliLocation and -NugetPackageDirectory are passed only if the caller includes them.
# NOTE(review): both values are expanded into PowerShell source at template expansion; treat
# them as code and accept them only from reviewed pipeline definitions.
# NOTE(review): with sdlContinueOnError set to true, a failing SDL run will not fail the job.
- ${{ if ne(parameters.overrideParameters, '') }}:
  - powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
    displayName: Execute SDL (Overridden)
    continueOnError: ${{ parameters.sdlContinueOnError }}
    condition: ${{ parameters.condition }}
# Run the SDL tools with the template's standard arguments.
# The plain scalar below folds into a single command line: the caller's script, the Guardian
# CLI path set by the install step, the NuGet package directory, then additionalParameters.
# NOTE(review): executeAllSdlToolsScript and additionalParameters are expanded into
# PowerShell source at template expansion; treat them as code and accept them only from
# reviewed pipeline definitions.
# NOTE(review): with sdlContinueOnError set to true, a failing SDL run will not fail the job.
- ${{ if eq(parameters.overrideParameters, '') }}:
  - powershell: ${{ parameters.executeAllSdlToolsScript }}
      -GuardianCliLocation $(GuardianCliLocation)
      -NugetPackageDirectory $(Build.SourcesDirectory)\.packages
      ${{ parameters.additionalParameters }}
    displayName: Execute SDL
    continueOnError: ${{ parameters.sdlContinueOnError }}
    condition: ${{ parameters.condition }}
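# Publish Guardian output unless the caller passed 'false' for
# publishGuardianDirectoryToPipeline.
# NOTE(review): indentation is not recoverable from this listing. The nesting below is
# reconstructed; in particular, confirm that the two SARIF steps belong under this condition.
# NOTE(review): the published .gdn directory and SARIF files contain scan findings, which may
# describe unfixed issues. Limit who can read this pipeline's artifacts accordingly.
- ${{ if ne(parameters.publishGuardianDirectoryToPipeline, 'false') }}:
  # We want to publish the Guardian results and configuration for easy diagnosis. However, the
  # '.gdn' dir is a mix of configuration, results, extracted dependencies, and Guardian default
  # tooling files. Some of these files are large and aren't useful during an investigation, so
  # exclude them by simply deleting them before publishing. (As of writing, there is no documented
  # way to selectively exclude a dir from the pipeline artifact publish task.)
  - task: DeleteFiles@1
    displayName: Delete Guardian dependencies to avoid uploading
    # Task inputs are nested under `inputs:`; that key is missing from the listing.
    inputs:
      SourceFolder: $(Agent.BuildDirectory)/.gdn
      # NOTE(review): the pattern list for Contents is not visible in this listing and is left
      # empty here. Restore it from the upstream file before use; patterns are resolved
      # relative to SourceFolder, so keep them limited to the dependency directories.
      Contents: |
    # Runs after success or failure so results are still available when the SDL step fails.
    condition: succeededOrFailed()

  - publish: $(Agent.BuildDirectory)/.gdn
    artifact: GuardianConfiguration
    displayName: Publish GuardianConfiguration
    condition: succeededOrFailed()

  # Publish the SARIF files in a container named CodeAnalysisLogs to enable integration
  # with the "SARIF SAST Scans Tab" Azure DevOps extension
  - task: CopyFiles@2
    displayName: Copy SARIF files
    inputs:
      # flattenFolders drops the directory structure, so SARIF files that share a file name
      # end up at the same target path.
      flattenFolders: true
      sourceFolder: $(Agent.BuildDirectory)/.gdn/rc/
      contents: '**/*.sarif'
      targetFolder: $(Build.SourcesDirectory)/CodeAnalysisLogs
    condition: succeededOrFailed()

  # Use PublishBuildArtifacts because the SARIF extension only checks this case
  # see microsoft/sarif-azuredevops-extension#4
  - task: PublishBuildArtifacts@1
    displayName: Publish SARIF files to CodeAnalysisLogs container
    inputs:
      pathToPublish: $(Build.SourcesDirectory)/CodeAnalysisLogs
      artifactName: CodeAnalysisLogs
    condition: succeededOrFailed()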