script-module-compliance.yml
# Step template that chains the compliance templates under
# template-compliance/ for a script module. Callers pass the parameters
# below; each one is forwarded unchanged to the template named in the
# comment above it. `${{ parameters.x }}` is a template expression and is
# resolved when the pipeline is compiled.
parameters:
  # component-governance: forwarded as sourceScanPath to
  # component-governance.yml. Defaults to the agent's source checkout.
  sourceScanPath: '$(Build.SourcesDirectory)'
  # credscan: forwarded as suppressionsFile to credscan.yml. Empty by default.
  # NOTE(review): presumably a suppressions file hides matching findings from
  # the credential scan; a caller that sets it should keep that file under
  # code review. How credscan.yml treats the empty default is not visible
  # here - confirm.
  suppressionsFile: ''
  # TermCheck: all four values are forwarded to TermCheck.yml. The scan
  # target defaults to the agent's source checkout; the meaning of the three
  # options* values is defined by TermCheck.yml, not by this file.
  targetArgument: '$(Build.SourcesDirectory)'
  optionsUEPATH: ''
  optionsRulesDBPath: ''
  optionsFTPath: ''
  # tsa-upload: forwarded as codeBaseName to tsa-upload.yml. Empty by default.
  # NOTE(review): whether tsa-upload.yml accepts an empty name is not visible
  # here - confirm.
  codeBaseName: ''
  # selections: the only tool selection a caller can change.
  APIScan: true  # set to false when not using Windows APIs.

# The templates are included in the order listed. Template paths are
# relative to this file.
steps:
# Included without parameters.
- template: template-compliance/auto-applicability.yml

- template: template-compliance/component-governance.yml
  parameters:
    sourceScanPath: ${{ parameters.sourceScanPath }}

# Credential scan; included unconditionally by this file.
- template: template-compliance/credscan.yml
  parameters:
    suppressionsFile: ${{ parameters.suppressionsFile }}

# TermCheck; included unconditionally by this file.
- template: template-compliance/TermCheck.yml
  parameters:
    targetArgument: ${{ parameters.targetArgument }}
    optionsUEPATH: ${{ parameters.optionsUEPATH }}
    optionsRulesDBPath: ${{ parameters.optionsRulesDBPath }}
    optionsFTPath: ${{ parameters.optionsFTPath }}

# Included without parameters.
- template: template-compliance/vulnerability-assessment.yml

# Log publishing and the TSA upload are listed after the scan templates.
- template: template-compliance/publish-security-logs.yml
- template: template-compliance/tsa-upload.yml
  parameters:
    codeBaseName: ${{ parameters.codeBaseName }}

# BinSkim, CredScan and TermCheck are fixed here and cannot be overridden by
# the caller; only APIScan comes from a parameter.
# NOTE(review): these four flags are passed only to sdtreport.yml. No APIScan
# or BinSkim template is included directly by this file, so what the flags
# control is decided inside sdtreport.yml - confirm there.
- template: template-compliance/sdtreport.yml
  parameters:
    APIScan: ${{ parameters.APIScan }}
    # script modules should not distribute binaries
    BinSkim: false
    CredScan: true
    TermCheck: true