credscan.yml

steps:
# CredScan
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
  displayName: 'Run CredScan - Src'
  inputs:    
    scanFolder: '$(Build.SourcesDirectory)\src'
    debugMode: false

- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
  displayName: 'Run CredScan - Test'
  inputs:
    scanFolder: '$(Build.SourcesDirectory)\test'
    debugMode: false

- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
  displayName: 'Run CredScan - Tools'
  inputs:
    scanFolder: '$(Build.SourcesDirectory)\tools'
    debugMode: false

- task: BinSkim@3
  displayName: 'Run BinSkim - Product Binaries'
  inputs:
    InputType: Basic
    AnalyzeTarget: |
      $(productBinPathEdm)\**\$(mainDllEdm)
    AnalyzeSymPath: |
      $(productBinPathEdm)
    AnalyzeVerbose: true
    AnalyzeHashes: true
    AnalyzeEnvironment: true

- task: BinSkim@3
  displayName: 'Run BinSkim - Product Binaries'
  inputs:
    InputType: Basic
    AnalyzeTarget: |
      $(productBinPathCore)\**\$(mainDllCore)
    AnalyzeSymPath: |
      $(productBinPathCore)
    AnalyzeVerbose: true
    AnalyzeHashes: true
    AnalyzeEnvironment: true

- task: BinSkim@3
  displayName: 'Run BinSkim - Product Binaries'
  inputs:
    InputType: Basic
    AnalyzeTarget: |
      $(productBinPathSpatial)\**\$(mainDllSpatial)
    AnalyzeSymPath: |
      $(productBinPathSpatial)
    AnalyzeVerbose: true
    AnalyzeHashes: true
    AnalyzeEnvironment: true

- task: BinSkim@3
  displayName: 'Run BinSkim - Product Binaries'
  inputs:
    InputType: Basic
    AnalyzeTarget: |
      $(productBinPathClient)\**\$(mainDllClient)
    AnalyzeSymPath: |
      $(productBinPathClient)
    AnalyzeVerbose: true
    AnalyzeHashes: true
    AnalyzeEnvironment: true

- task: PublishSecurityAnalysisLogs@2
  displayName: 'Publish Security Analysis Logs'
  inputs:
    ArtifactName: SecurityLogs

- task: PostAnalysis@1
  displayName: 'Post Analysis'
  inputs:
    BinSkim: true
    CredScan: true
    PoliCheck: true
    PoliCheckBreakOn: Severity2Above
  enabled: true
  continueOnError: true