From 40bfb741f2b2dcf425ea069b000ef8d5d3d637bf Mon Sep 17 00:00:00 2001
From: sima-zhu
Date: Thu, 10 Feb 2022 16:51:18 -0800
Subject: [PATCH 1/3] Change credscan to use v3 and enable to scan entire repo
---
 eng/common/pipelines/templates/steps/credscan.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/eng/common/pipelines/templates/steps/credscan.yml b/eng/common/pipelines/templates/steps/credscan.yml
index 029b370e0..8053483b1 100644
--- a/eng/common/pipelines/templates/steps/credscan.yml
+++ b/eng/common/pipelines/templates/steps/credscan.yml
@@ -12,15 +12,17 @@ steps:
 $changedFiles | ForEach-Object { Add-Content -Path "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$_"}
 }
 else {
- Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/sdk/${{ parameters.ServiceDirectory }}"
+ $scanFolder = ""
+ if (${{parameters.ServiceDirectory}}) {
+ $scanFolder = sdk/${{ parameters.ServiceDirectory }}
+ }
+ Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$scanFolder"
 }
 Get-Content "${{ parameters.SourceDirectory }}/credscan.tsv"
 displayName: CredScan setup
-- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
+- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
 displayName: CredScan running
 inputs:
- toolMajorVersion: V2
- toolVersion: latest
 scanFolder: "${{ parameters.SourceDirectory }}/credscan.tsv"
 suppressionsFile: ${{ parameters.SuppressionFilePath }}
 - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
From dca42f55c3e262a2e893e3c1cf29d6b63dcb99dd Mon Sep 17 00:00:00 2001
From: sima-zhu
Date: Thu, 10 Feb 2022 17:03:50 -0800
Subject: [PATCH 2/3] Check string emtpy
---
 eng/common/pipelines/templates/steps/credscan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
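Review bot: In the hunk of patch 1/3, the new `else` branch writes `"${{ parameters.SourceDirectory }}/$scanFolder"` into credscan.tsv without checking that the path exists, so a misspelled ServiceDirectory may hand CredScan a folder that is not there. Whether the task then fails or reports a clean scan is not visible from this hunk, and a clean result over nothing is the outcome to rule out for a credential scan. A guard before `Set-Content`, such as `if (!(Test-Path "${{ parameters.SourceDirectory }}/$scanFolder")) { Write-Error "CredScan target not found"; exit 1 }`, would make that case fail loudly. The widened scope also deserves a one-line comment, e.g. `# empty ServiceDirectory => scan the whole SourceDirectory`. The pwsh step begins above the hunk.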
diff --git a/eng/common/pipelines/templates/steps/credscan.yml b/eng/common/pipelines/templates/steps/credscan.yml
index 8053483b1..128a31d40 100644
--- a/eng/common/pipelines/templates/steps/credscan.yml
+++ b/eng/common/pipelines/templates/steps/credscan.yml
@@ -13,7 +13,7 @@ steps:
 }
 else {
 $scanFolder = ""
- if (${{parameters.ServiceDirectory}}) {
+ if ("${{ parameters.ServiceDirectory }}" -ne '') {
 $scanFolder = sdk/${{ parameters.ServiceDirectory }}
 }
 Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$scanFolder"
From ce474c0ce5e00aa2c80f2bd01271d5ca1bafad0a Mon Sep 17 00:00:00 2001
From: sima-zhu
Date: Thu, 10 Feb 2022 17:13:24 -0800
Subject: [PATCH 3/3] add quotes around parameters
---
 eng/common/pipelines/templates/steps/credscan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eng/common/pipelines/templates/steps/credscan.yml b/eng/common/pipelines/templates/steps/credscan.yml
index 128a31d40..a202961a3 100644
--- a/eng/common/pipelines/templates/steps/credscan.yml
+++ b/eng/common/pipelines/templates/steps/credscan.yml
@@ -14,7 +14,7 @@ steps:
 else {
 $scanFolder = ""
 if ("${{ parameters.ServiceDirectory }}" -ne '') {
- $scanFolder = sdk/${{ parameters.ServiceDirectory }}
+ $scanFolder = "sdk/${{ parameters.ServiceDirectory }}"
 }
 Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$scanFolder"
 }
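Review bot: The quoting added in patches 2/3 and 3/3 still splices `${{ parameters.ServiceDirectory }}` into the script text at template-expansion time, inside double-quoted PowerShell strings where `$`, backtick and `"` in the value are interpreted rather than taken literally. If the parameter can ever come from anything other than a trusted pipeline definition (not visible from these hunks), pass it as data instead: map `SERVICE_DIRECTORY: ${{ parameters.ServiceDirectory }}` under the step's `env:` and test it with `if ($env:SERVICE_DIRECTORY) { $scanFolder = "sdk/$env:SERVICE_DIRECTORY" }`. The same reasoning applies to the `SourceDirectory` uses on the `Set-Content` line. The pwsh step's header lies outside both hunks.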