Skip to content

Commit f55488e

Browse files
authored
Add compliance build
1 parent 07b9104 commit f55488e

1 file changed

Lines changed: 79 additions & 0 deletions

File tree

.vsts-compliance.yml

Lines changed: 79 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,79 @@
1+
# Copyright (C) Microsoft Corporation. All rights reserved.
2+
# Licensed under the MIT license. See LICENSE.txt in the project root for license information.
3+
4+
trigger:
5+
batch: true
6+
branches:
7+
include:
8+
- master
9+
- develop
10+
paths:
11+
exclude:
12+
- README.md
13+
14+
pr: none
15+
16+
queue:
17+
name: VSEngSS-MicroBuild2019-1ES
18+
timeoutInMinutes: 120
19+
demands:
20+
- MSBuild
21+
- VisualStudio
22+
- VSTest
23+
24+
steps:
25+
- template: build/build.yml
26+
parameters:
27+
BuildConfiguration: $(BuildConfiguration)
28+
BuildPlatform: $(BuildPlatform)
29+
Sign: false
30+
31+
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
32+
displayName: Detect components
33+
inputs:
34+
sourceScanPath: $(Build.SourcesDirectory)
35+
36+
- task: RoslynAnalyzers@3
37+
inputs:
38+
userProvideBuildInfo: 'autoMsBuildInfo'
39+
env:
40+
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
41+
42+
- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
43+
displayName: 'Run PoliCheck'
44+
inputs:
45+
targetType: F
46+
targetArgument: '$(Build.SourcesDirectory)'
47+
optionsFC: 0
48+
optionsXS: 1
49+
optionsHMENABLE: 0
50+
continueOnError: true
51+
52+
- task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3
53+
displayName: 'Run BinSkim'
54+
inputs:
55+
InputType: Basic
56+
Function: analyze
57+
AnalyzeTarget: '$(Build.SourcesDirectory)\src\VSSetup.PowerShell\bin\$(BuildConfiguration)\*.dll'
58+
AnalyzeSymPath: '$(Build.SourcesDirectory)\src\VSSetup.PowerShell\bin\$(BuildConfiguration)'
59+
AnalyzeVerbose: true
60+
AnalyzeHashes: true
61+
continueOnError: true
62+
63+
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
64+
displayName: 'Run CredScan'
65+
inputs:
66+
debugMode: false
67+
68+
# Publish compliance results
69+
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
70+
displayName: 'Publish Security Analysis Logs'
71+
72+
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
73+
displayName: Check SDL results
74+
inputs:
75+
AllTools: true
76+
77+
- task: ms-vseng.MicroBuildTasks.521a94ea-9e68-468a-8167-6dcf361ea776.MicroBuildCleanup@1
78+
displayName: Clean up
79+
condition: succeededOrFailed()

0 commit comments

Comments
 (0)