compliance.yml
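# Azure Pipelines compliance build: credential scan, ESLint, CodeQL (Semmle)
# analysis of the C# solution, component governance, and publication of the
# security tool logs. Nesting restored; every key and value is unchanged.

trigger:
- main

# no PR triggers
# Scans therefore run only after a change has landed on main: a leaked
# credential or a High component alert is reported post-merge, not blocked
# in review. The upside is that PR builds never reach the job access token
# mapped into the Semmle step below.
pr: none

pool:
  # The build commands below use Windows paths, so a Windows agent is needed.
  # 'windows-latest' floats to whatever image the hosted pool currently serves.
  vmImage: 'windows-latest'

steps:
# Credential scanner, run with the task's defaults (no inputs are set here).
- task: CredScan@3

- task: ESLint@1
  inputs:
    Configuration: 'recommended'
    TargetType: 'eslint'
    # NOTE(review): presumably the severity at which findings are reported;
    # confirm whether 'warn' can ever fail this build.
    ErrorLevel: 'warn'

- task: UseDotNet@2
  displayName: 'Use .NET 7.0'
  inputs:
    packageType: 'sdk'
    # Floating spec: resolves to the newest 7.x SDK available at run time.
    # NOTE(review): .NET 7 reached end of support in May 2024; plan a move
    # to a supported SDK line.
    version: '7.x'

- task: Semmle@1
  # Usage of System.AccessToken is only required for uploading
  # results to CodeQL servers via variable LGTM.UploadSnapshot = true.
  # If you want to analyze errors on your own or if LGTM.UploadSnapshot = false,
  # then passing this environment variable is not required.
  #
  # Least privilege: this file does not set LGTM.UploadSnapshot. If it is not
  # set in the pipeline's variables either, drop the env mapping. While the
  # mapping is present, the token sits in this step's environment, where the
  # restore/build commands below presumably inherit it - confirm.
  #
  #######################################################
  # Highly Discouraged, only for backward compatibility #
  #######################################################
  # When code is hosted on GitHub and the build pipeline is created on ADO,
  # a PAT can be used in place of AccessToken in the environment variable:
  #   SYSTEM_ACCESSTOKEN: $(PATToken)
  # where PATToken is the name of a variable whose value is the PAT generated
  # by the user. If this route is ever taken, define PATToken as a secret
  # pipeline variable with the narrowest scope and a short expiry; never put
  # the token value in this file.
  env:
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)
  inputs:
    sourceCodeDirectory: '$(Build.SourcesDirectory)'
    language: 'csharp'
    # Two commands joined by '#': dotnet restore, then dotnet build, both on
    # SK-dotnet.sln. The '#' is inside single quotes, so it is not a comment.
    buildCommandsString: '$(Agent.ToolsDirectory)\dotnet\dotnet.exe restore $(BUILD.SourcesDirectory)\dotnet\SK-dotnet.sln#$(Agent.ToolsDirectory)\dotnet\dotnet.exe build $(BUILD.SourcesDirectory)\dotnet\SK-dotnet.sln'
    querySuite: 'Recommended'
    # NOTE(review): units are not stated here; presumably seconds and MB.
    timeout: '1800'
    ram: '16384'
    addProjectDirToScanningExclusionList: true

- task: ComponentGovernanceComponentDetection@0
  inputs:
    scanType: 'Register'
    verbosity: 'Verbose'
    # Presumably fails the run on component alerts of High severity or above;
    # confirm the threshold semantics against the task documentation.
    alertWarningLevel: 'High'
    failOnAlert: true

- task: PublishSecurityAnalysisLogs@3
  inputs:
    # Logs from all tools are published as the 'CodeAnalysisLogs' artifact.
    # Scanner logs may point at the location of any secret that was found,
    # so restrict who can download artifacts from this pipeline.
    ArtifactName: 'CodeAnalysisLogs'
    ArtifactType: 'Container'
    AllTools: true
    ToolLogsNotFoundAction: 'Standard'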