Closed james-garriss closed 1 year ago
Use environment variables to configure the Terrascan 'skiprules' parameter:
- task: MicrosoftSecurityDevOps@1
displayName: 'Run Microsoft Security DevOps'
env:
TERRASCAN_SKIPRULES: 'AC_DOCKER_0041'
inputs:
break: true
This is explained in the FAQ here: https://github.com/microsoft/security-devops-action/wiki#how-to-configure-analyzers
Suppose I am running MSDO using a task in my ADO build pipeline. Suppose Terrascan reports an issue? Suppose that we accept the risk of this issue and no longer want MSDO to report it? How can I configure this ADO task to ignore the Terrascan rule? Terrascan has ways to allow this (see: https://runterrascan.io/docs/policies/policies/), but I don't see how to do this with MSDO. TIA.