Enable AzDO CI compliance template (#639)

* Enable AzDO CI compliance template * Add compliance results report upload. * Fix typo
2022-11-18 14:53:49 -08:00 · 2022-11-18 14:53:49 -08:00 · ed6ba5aa88
parent 9e804c3e76
commit ed6ba5aa88
1 changed files with 35 additions and 24 deletions
--- a/.azdo/ci.yml
+++ b/.azdo/ci.yml
@ -10,12 +10,12 @@ pr:
    include:
    - latestw_all

-#resources:
-#  repositories:
-#  - repository: ComplianceRepo
-#    type: github
-#    endpoint: ComplianceGHRepo
-#    name: PowerShell/compliance
+resources:
+  repositories:
+  - repository: ComplianceRepo
+    type: github
+    endpoint: ComplianceGHRepo
+    name: PowerShell/compliance

 stages:
 - stage: Build
@ -88,24 +88,35 @@ stages:
        Write-Host "##vso[artifact.upload containerfolder=$artifactName;artifactname=$artifactName;]$configFilePath"
      displayName: Upload Win32-OpenSSH build artifacts

-#- stage: Compliance
-#  displayName: Compliance
-#  dependsOn: Build
-#  jobs:
-#  - job: ComplianceJob
-#    pool:
-#      vmImage: windows-latest
-#    steps:
-#    - checkout: self
-#      clean: true
-#    - checkout: ComplianceRepo
-#      clean: true
-#    - download: current
-#      artifact: 'Microsoft.PowerShell.SecretManagement'
-#    - template: ci-compliance.yml@ComplianceRepo
-#      parameters:
-#        # credscan
-#        suppressionsFile: ''
+- stage: Compliance
+  displayName: Compliance
+  dependsOn: Build
+  jobs:
+  - job: ComplianceJob
+    pool:
+      vmImage: windows-latest
+    steps:
+    - checkout: self
+      clean: true
+    - checkout: ComplianceRepo
+      clean: true
+    - download: current
+      artifact: 'Win32-OpenSSH'
+    - template: ci-compliance.yml@ComplianceRepo
+      parameters:
+        # credscan
+        suppressionsFile: ''
+    # Documentation: https://eng.ms/docs/security-compliance-identity-and-management-scim/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/sdl-azdo-extension/security-analysis-report-build-task
+    - task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@2
+      continueOnError: true
+      displayName: 'Guardian Export'
+      inputs:
+        GdnExportVstsConsole: true
+        GdnExportSarifFile: true
+        GdnExportHtmlFile: true
+        GdnExportAllTools: false
+        GdnExportGdnToolCredScan: true
+        #this didn't do anything GdnExportCustomLogsFolder: '$(Build.ArtifactStagingDirectory)/Guardian'

 - stage: Test
  displayName: Test Win32-OpenSSH