Publish Terrascan and Credscan result in the ADO pipeline

microsoft / security-devops-azdevops

Microsoft Security DevOps extension for Azure DevOps.

MIT License

60 stars 16 forks source link

Publish Terrascan and Credscan result in the ADO pipeline #30

Open aakanshaverma1310 opened 1 year ago

aakanshaverma1310 commented 1 year ago

Is it possible to publish results for both Terrascan and CredScan in ADO Pipeline (PFB image) I'm using below -

      - task: MicrosoftSecurityDevOps@1
        displayName: Credential Scanner- CredScan
        inputs:
          categories: 'secrets, code, artifacts, IaC, containers'
          tools: 'Credscan'

      - task: MicrosoftSecurityDevOps@1
        displayName: Credential Scanner- Terrascan
        inputs:
          categories: 'secrets, code, artifacts, IaC, containers'
          tools: 'terrascan'

JiandongJiang commented 1 year ago

Yes, it is possible. You may take a look at this sample: https://github.com/microsoft/security-devops-action/blob/main/.github/workflows/sample-workflow-windows-latest.yml

aakanshaverma1310 commented 1 year ago

@JiandongJiang - thanks for your suggestion. Also, can you tell me that is it possible to scan only a particular folder from a repo? As in Azure Devops , I dont have argument where I can pass the path of the folder.

JiandongJiang commented 1 year ago

The wiki https://github.com/microsoft/security-devops-action/wiki has the info on configurations.