Add SecurityTools (CredScan, BinSkim, PoliCheck) to PR builds in ADO #9035
Conversation
…over CodeSign, since CodeSign should be specific for signing. While, those processes were actual specific for configuration.
…te or paths that no longer exist.
…to Windows PowerShell pipeline.
| $repoRoot = "$PSScriptRoot/../.." | ||
| $binSkim = (Get-Item -Path "$repoRoot/tools/SecurityTools/Microsoft.CodeAnalysis.BinSkim*/tools/*/win-x64/BinSkim.exe" | Select-Object -First 1).FullName | ||
| $dllBaseFolder = "$repoRoot/artifacts/Debug" | ||
| $suppressions = @('Microsoft.Azure.DataLake.Store.dll','Microsoft.WindowsAzure.Storage.DataMovement.PowerShell.dll') |
There was a problem hiding this comment.
Do these suppressions come from failures or from previous suppression?
There was a problem hiding this comment.
These are new failures. It seems these are signed with Sha1+Sha2. So, to avoid these suppressions, we would need resigned DLLs. I did, however, want to have a suppression strategy for BinSkim since it natively doesn't allow it.
|
Azure Pipelines successfully started running 2 pipeline(s). |
|
/azp run azure-powershell - security-tools |
|
For the Azure DevOps organization |
|
/azp run "azure-powershell - security-tools" |
|
For the Azure DevOps organization |
|
/azp help |
Supported commands
help:
Get descriptions, examples and documentation about supported commands
Example: help "command_name"
run:
Run all pipelines or a specific pipeline for this repository using a comment. Use
this command by itself to trigger all related pipelines, or specify a pipeline
to run.
Example: "run" or "run pipeline_name"
See additional documentation.
|
|
/azp "run azure-powershell - security-tools" |
Command '"run' is not supported by Azure Pipelines.
Supported commands
help:
Get descriptions, examples and documentation about supported commands
Example: help "command_name"
run:
Run all pipelines or a specific pipeline for this repository using a comment. Use
this command by itself to trigger all related pipelines, or specify a pipeline
to run.
Example: "run" or "run pipeline_name"
See additional documentation.
|
|
/azp run azure-powershell - powershell-core |
|
Azure Pipelines successfully started running 1 pipeline(s). |
| @@ -29,9 +29,6 @@ namespace Commands.HDInsight.Test.UnitTests | |||
| public class DataLakeStoreTests : HDInsightTestBase | |||
| { | |||
| private NewAzureHDInsightClusterCommand cmdlet; | |||
| private const string StorageName = "dummystorage.blob.core.windows.net"; | |||
| private const string StorageKey = "O9EQvp3A3AjXq/W27rst1GQfLllhp01qlJMJfSU1hVW2K42gUeiUUn2D8zX2lU3taiXSSfqkZlcPv+nQcYYwUx=="; | |||
| private const int ClusterSize = 4; | |||
There was a problem hiding this comment.
These variables were unused in this class and were flagged by CredScan. Made more sense to remove unused creds than to suppress them.
| @@ -1,3 +0,0 @@ | |||
| { | |||
There was a problem hiding this comment.
This was an unused example suppressions file.
|
Manual build using new service connection: https://dev.azure.com/azure-sdk/internal/_build/results?buildId=24263 |
Description
This allows our PR build process to run CredScan, BinSkim, and PoliCheck. This only happens in the Windows PowerShell pipeline, since we only need to run it once and it can only run on Windows. I also removed the travis yml since we shouldn't need to use Travis anymore.
Checklist
CONTRIBUTING.mdplatyPSmodule