This repository has been archived by the owner on May 1, 2024. It is now read-only.

Switch to Security v1 template for compliance #15851

Closed
wants to merge 18 commits into from
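--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -201,53 +201,22 @@ stages:
 inputs:
 versionSpec: $(NUGET_VERSION)
 
-- stage: PoliCheck
-displayName: 'Code Analysis'
-dependsOn: windows
-jobs:
-- job: run_poli_check
-displayName: 'Policheck And Credentials Compliance'
-pool:
-name: $(vs2019VmPool)
-vmImage: $(vs2019VmImage)
-timeoutInMinutes: 60
-cancelTimeoutInMinutes: 5
-steps:
-- checkout: self
-
-- template: security/policheck/v2.yml@xamarin-templates
-
-- template: security/credscan/v3.yml@xamarin-templates
-parameters:
-suppressionsFile: $(System.DefaultWorkingDirectory)\build\automation\CredScanSuppressions.json
-
-- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@4
-displayName: Run AntiMalware (Defender) Scan
-inputs:
-FileDirPath: $(System.DefaultWorkingDirectory)
-EnableServices: true
-condition: succeededOrFailed()
-
-- task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@2
-displayName: Create Security Analysis Report
-inputs:
-CredScan: true
-PoliCheck: true
-condition: succeededOrFailed()
-
-- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
-displayName: Publish Security Analysis Logs
-inputs:
-ArtifactName: CodeAnalysisLogs
-condition: succeededOrFailed()
-
-- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
-displayName: Fail Job if Security Issues are Detected
-inputs:
-CredScan: true
-PoliCheck: true
-GdnBreakGdnToolPoliCheckSeverity: 'Error'
-condition: succeededOrFailed()
+- template: security/full/v1.yml@xamarin-templates
+parameters:
+complianceTimeoutInMinutes: 480
+stageDependsOn: windows
+scanArtifacts: [ 'nuget', 'apiscan' ]
+antiMalwareEnabled: true
+binSkimEnabled: true
+enableCodeInspector: true
+credScanEnabled: true
+credScanSuppressionFile: $(Build.SourcesDirectory)\build\automation\CredScanSuppressions.json
+sourceGdnSuppressionFile: $(Build.SourcesDirectory)\build\automation\source.gdnsuppress
+tsaConfigFile: $(Build.SourcesDirectory)\build\automation\tsaoptions-v2.json
+apiScanEnabled: true
+apiScanSoftwareName: 'Xamarin.Forms'
+apiScanSoftwareVersionNum: '5.0.0'
+apiScanPreserveLogsFolder: true
 
 - stage: sbom
 dependsOn: nuget_signing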
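Review bot: The new `security/full/v1.yml@xamarin-templates` call passes no parameter that visibly fails the build on findings, whereas the removed stage ended with `PostAnalysis@2` and `GdnBreakGdnToolPoliCheckSeverity: 'Error'`; PoliCheck is also no longer named anywhere in the parameters. Whether the template breaks the stage on CredScan/PoliCheck results or only reports them cannot be seen from this hunk (the `tsaConfigFile` parameter suggests findings may be filed rather than gated), so this should be confirmed against the template and recorded next to the call, for example `# v1 template is expected to fail the stage on CredScan/PoliCheck errors; replaces the PostAnalysis@2 gate` above the `- template:` line. The in-repo suppression inputs (`CredScanSuppressions.json` and the newly added `source.gdnsuppress`) decide which findings are silenced, so changes under `build\automation\` deserve mandatory review. The hard-coded `apiScanSoftwareVersionNum: '5.0.0'` will drift from the shipped version unless it is tied to the build's version variable.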