From 320e2463ea904e437c705bee470d6299ddfaace9 Mon Sep 17 00:00:00 2001
From: sima-zhu
Date: Thu, 10 Feb 2022 16:51:18 -0800
Subject: [PATCH 1/3] Change credscan to use v3 and enable to scan entire repo
---
 eng/common/pipelines/templates/steps/credscan.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/eng/common/pipelines/templates/steps/credscan.yml b/eng/common/pipelines/templates/steps/credscan.yml
index 029b370e0b03..8053483b1a79 100644
--- a/eng/common/pipelines/templates/steps/credscan.yml
+++ b/eng/common/pipelines/templates/steps/credscan.yml
@@ -12,15 +12,17 @@ steps:
 $changedFiles | ForEach-Object { Add-Content -Path "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$_"}
 }
 else {
- Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/sdk/${{ parameters.ServiceDirectory }}"
+ $scanFolder = ""
+ if (${{parameters.ServiceDirectory}}) {
+ $scanFolder = sdk/${{ parameters.ServiceDirectory }}
+ }
+ Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$scanFolder"
 }
 Get-Content "${{ parameters.SourceDirectory }}/credscan.tsv"
 displayName: CredScan setup
-- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
+- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
 displayName: CredScan running
 inputs:
- toolMajorVersion: V2
- toolVersion: latest
 scanFolder: "${{ parameters.SourceDirectory }}/credscan.tsv"
 suppressionsFile: ${{ parameters.SuppressionFilePath }}
 - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
From f740c2b4b3d5afee1658654d58335b8813ba1fb8 Mon Sep 17 00:00:00 2001
From: sima-zhu
Date: Thu, 10 Feb 2022 17:03:50 -0800
Subject: [PATCH 2/3] Check string emtpy
---
 eng/common/pipelines/templates/steps/credscan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
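Review bot: In PATCH 1/3 the added `if (${{parameters.ServiceDirectory}})` and `$scanFolder = sdk/${{ parameters.ServiceDirectory }}` lines paste a template parameter into the PowerShell source before it runs, so the value is parsed as script text rather than handled as data. The reworked lines in PATCH 2/3 and PATCH 3/3 add quotes but keep the same expansion, so a value containing a double quote or `$(` would still alter the script. Who can set ServiceDirectory is not visible here, so treat this as hardening: map the parameter into the step's `env:` block and read it through `$env:` inside the script (the variable name below is illustrative). The step begins above the hunk, so the `env:` placement assumes it is the inline script step that owns `displayName: CredScan setup`.

```yaml
    # … unchanged: pull-request branch that lists changed files …
    else {
      $scanFolder = ""
      if (-not [string]::IsNullOrWhiteSpace($env:SERVICE_DIRECTORY)) {
        $scanFolder = "sdk/$env:SERVICE_DIRECTORY"
      }
      # … unchanged: Set-Content / Get-Content of credscan.tsv …
  displayName: CredScan setup
  env:
    SERVICE_DIRECTORY: ${{ parameters.ServiceDirectory }}
```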
diff --git a/eng/common/pipelines/templates/steps/credscan.yml b/eng/common/pipelines/templates/steps/credscan.yml
index 8053483b1a79..128a31d40bcd 100644
--- a/eng/common/pipelines/templates/steps/credscan.yml
+++ b/eng/common/pipelines/templates/steps/credscan.yml
@@ -13,7 +13,7 @@ steps:
 }
 else {
 $scanFolder = ""
- if (${{parameters.ServiceDirectory}}) {
+ if ("${{ parameters.ServiceDirectory }}" -ne '') {
 $scanFolder = sdk/${{ parameters.ServiceDirectory }}
 }
 Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$scanFolder"
From aa76aef561534584bc7201c7518d290c798ee956 Mon Sep 17 00:00:00 2001
From: sima-zhu
Date: Thu, 10 Feb 2022 17:13:24 -0800
Subject: [PATCH 3/3] add quotes around parameters
---
 eng/common/pipelines/templates/steps/credscan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eng/common/pipelines/templates/steps/credscan.yml b/eng/common/pipelines/templates/steps/credscan.yml
index 128a31d40bcd..a202961a30e0 100644
--- a/eng/common/pipelines/templates/steps/credscan.yml
+++ b/eng/common/pipelines/templates/steps/credscan.yml
@@ -14,7 +14,7 @@ steps:
 else {
 $scanFolder = ""
 if ("${{ parameters.ServiceDirectory }}" -ne '') {
- $scanFolder = sdk/${{ parameters.ServiceDirectory }}
+ $scanFolder = "sdk/${{ parameters.ServiceDirectory }}"
 }
 Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$scanFolder"
 }
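Review bot: In the PATCH 2/3 hunk, the path written by the context line `Set-Content ... -Value "${{ parameters.SourceDirectory }}/$scanFolder"` is never checked to exist, so a mistyped ServiceDirectory that passes the new `-ne ''` test yields a scan list naming a directory that is not there. How CredScan@3 treats a missing path is not visible in this patch; if it scans nothing and reports success, the step would pass without examining any file. A guard before the write makes that case fail loudly, for example `if (-not (Test-Path "${{ parameters.SourceDirectory }}/$scanFolder")) { throw "CredScan scan folder not found" }`. The `else` block closes below the last line of this hunk.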