# Security tools
# Scheduled pipeline that runs the shared security-tools template against
# this repository. It has no CI or PR trigger, so it only starts from the
# schedule below or from a manual run.
name: 1.0.$(Year:yy)$(DayOfYear).$(Rev:r) # This is the build number

# Pushes and pull requests do not start this pipeline.
trigger: none

pr: none

schedules:
  # Azure Pipelines evaluates cron expressions in UTC.
  # NOTE(review): `always` is not set, so a scheduled run is skipped when the
  # branch has not changed since the last successful scheduled run. Confirm
  # that is intended for a scan whose results can change without a code change.
  - cron: "0 0 * * *"
    displayName: Daily at midnight
    branches:
      include:
        - main
        - releases/*

pool:
  name: d365bc-agentpool-nonprod-build

resources:
  repositories:
    # The templates referenced with @PipelineTemplates are read from this
    # repository.
    # NOTE(review): `ref: master` follows a moving branch, so any change pushed
    # there alters what this pipeline executes on its next run. Consider
    # pinning to a tag ref (refs/tags/<TAG_PLACEHOLDER>) and reviewing updates.
    - repository: PipelineTemplates
      type: git
      name: Infrastructure-PipelineTemplates
      ref: master

variables:
  # Shared variables from the template repository, then this repository's own.
  - template: security-tools-full-variables.yml@PipelineTemplates
  - template: ./variables-common.yml

jobs:
  - job: default_job
    displayName: Run security tools
    # 480 minutes = 8 hours.
    timeoutInMinutes: 480
    steps:
      - checkout: self
        fetchTags: 'true'
      # All scanning is delegated to the shared template; how it uses the
      # parameters below is defined there, not in this file.
      - template: security-tools-full.yml@PipelineTemplates
        parameters:
          OutputPath: $(OutputPath)
          SourcePath: $(SourcePath)
          # Build command handed to the template: runs this repository's
          # build.ps1 for the 'System Application' project.
          BuildCommand: Powershell.exe -NonInteractive "cd $(Build.SourcesDirectory); .\build.ps1 -ALGoProject 'System Application' -AutoFill"
          # Suppression file kept in this repository.
          # NOTE(review): entries here presumably hide findings from the
          # results, so changes to it deserve the same review as code. Confirm.
          GdnSuppressFile: $(Build.SourcesDirectory)\.azuredevops\security-tools.gdnsuppress
          ExcludeSecurityTools:
            - CodeSignValidation # Not applicable yet (Code is not signed on Github)
          IncludeOfficialBuildTools:
            - ComponentGovernance
          # Compile-time condition: the TSA parameters are only passed for
          # builds of refs/heads/main. Scheduled runs on releases/* get the
          # template's defaults instead.
          # NOTE(review): both TSA keys are assumed to sit under this
          # condition; confirm the nesting.
          ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}:
            TSA: true
            TSAIncludeTools: 'PoliCheck'