From 4029dfca7207fabf4a6509fe5c3f8db0ecd9431b Mon Sep 17 00:00:00 2001
From: sima-zhu
Date: Thu, 10 Feb 2022 16:51:18 -0800
Subject: [PATCH 1/3] Change credscan to use v3 and enable to scan entire repo
---
 eng/common/pipelines/templates/steps/credscan.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/eng/common/pipelines/templates/steps/credscan.yml b/eng/common/pipelines/templates/steps/credscan.yml
index 029b370e0b03..8053483b1a79 100644
--- a/eng/common/pipelines/templates/steps/credscan.yml
+++ b/eng/common/pipelines/templates/steps/credscan.yml
@@ -12,15 +12,17 @@ steps:
 $changedFiles | ForEach-Object { Add-Content -Path "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$_"}
 }
 else {
- Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/sdk/${{ parameters.ServiceDirectory }}"
+ $scanFolder = ""
+ if (${{parameters.ServiceDirectory}}) {
+ $scanFolder = sdk/${{ parameters.ServiceDirectory }}
+ }
+ Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$scanFolder"
 }
 Get-Content "${{ parameters.SourceDirectory }}/credscan.tsv"
 displayName: CredScan setup
-- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
+- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
 displayName: CredScan running
 inputs:
- toolMajorVersion: V2
- toolVersion: latest
 scanFolder: "${{ parameters.SourceDirectory }}/credscan.tsv"
 suppressionsFile: ${{ parameters.SuppressionFilePath }}
 - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
From 6d32ad1a0e6226b86761e7681c98bccb07910151 Mon Sep 17 00:00:00 2001
From: sima-zhu
Date: Thu, 10 Feb 2022 17:03:50 -0800
Subject: [PATCH 2/3] Check string emtpy
---
 eng/common/pipelines/templates/steps/credscan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
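Review bot: `${{ parameters.ServiceDirectory }}` is expanded into the inline PowerShell text before the script runs, so in the new `else` branch of PATCH 1/3 a value containing a quote, `$` or a backtick changes the script instead of staying data. The quoting added in PATCH 2/3 and 3/3 narrows this but does not close it, because a double-quoted PowerShell string still expands `$(...)` and `$name`. Who can set ServiceDirectory is not visible from these hunks, so treat this as hardening: map the parameter in an `env:` block on the "CredScan setup" step and read it as data, e.g. `if ($env:SERVICE_DIRECTORY) {` and `$scanFolder = "sdk/$env:SERVICE_DIRECTORY"`. The same splicing applies to `${{ parameters.SourceDirectory }}` on the `Set-Content` line; the script body starts above the hunk, so the PR-changed-files branch should be checked as well.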
diff --git a/eng/common/pipelines/templates/steps/credscan.yml b/eng/common/pipelines/templates/steps/credscan.yml
index 8053483b1a79..128a31d40bcd 100644
--- a/eng/common/pipelines/templates/steps/credscan.yml
+++ b/eng/common/pipelines/templates/steps/credscan.yml
@@ -13,7 +13,7 @@ steps:
 }
 else {
 $scanFolder = ""
- if (${{parameters.ServiceDirectory}}) {
+ if ("${{ parameters.ServiceDirectory }}" -ne '') {
 $scanFolder = sdk/${{ parameters.ServiceDirectory }}
 }
 Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$scanFolder"
From 835a32c2a2e04ef8ed7e590168e55428db206db0 Mon Sep 17 00:00:00 2001
From: sima-zhu
Date: Thu, 10 Feb 2022 17:13:24 -0800
Subject: [PATCH 3/3] add quotes around parameters
---
 eng/common/pipelines/templates/steps/credscan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eng/common/pipelines/templates/steps/credscan.yml b/eng/common/pipelines/templates/steps/credscan.yml
index 128a31d40bcd..a202961a30e0 100644
--- a/eng/common/pipelines/templates/steps/credscan.yml
+++ b/eng/common/pipelines/templates/steps/credscan.yml
@@ -14,7 +14,7 @@ steps:
 else {
 $scanFolder = ""
 if ("${{ parameters.ServiceDirectory }}" -ne '') {
- $scanFolder = sdk/${{ parameters.ServiceDirectory }}
+ $scanFolder = "sdk/${{ parameters.ServiceDirectory }}"
 }
 Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$scanFolder"
 }