
Validate Azure DevOps pipeline steps (integration of other SAST/SCA tooling)

Open markl11 opened this issue 2 years ago • 0 comments

Hi,

Could I also use this to check for the existence of certain steps in an Azure DevOps YAML pipeline? Does it have this capability? For example, if there is a step that uses SonarQube or Nexus IQ, i.e. can MSDO scan the following Azure DevOps YAML file and look for the existence of the steps involving SonarQube (example YAML below):

```yaml
trigger:
- master # or the name of the main branch
- feature/*

steps:
- task: SonarQubePrepare@5
  inputs:
    SonarQube: 'YourSonarqubeServerEndpoint'
    scannerMode: 'Other'
    extraProperties: 'sonar.projectKey=YourProjectKey'

- task: SonarQubePublish@5
  inputs:
    pollingTimeoutSec: '300'
```

markl11 · May 03 '22 08:05
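The kind of pipeline-policy check the question asks about, as an added example that is not part of the issue or of the security-devops-action project: a small line-based scanner (not a full YAML parser) that lists the `task:` entries in an Azure DevOps pipeline, ignores commented-out lines, and reports which tasks from a hypothetical required set (SonarQubePrepare/SonarQubePublish at a minimum major version) are absent. The sample pipeline is constructed from the YAML in the post.

```python
import re

# Constructed sample, adapted from the YAML in the issue: Prepare present,
# Publish only in a comment (so it must not count as present).
SAMPLE_PIPELINE = """\
trigger:
- master
- feature/*

steps:
- task: SonarQubePrepare@5
  inputs:
    SonarQube: 'YourSonarqubeServerEndpoint'
    scannerMode: 'Other'
    extraProperties: 'sonar.projectKey=YourProjectKey'
# - task: SonarQubePublish@5   (commented out on purpose)
- script: echo build
"""

# Matches "- task: Name@Major" or "task: Name@Major" with optional indentation.
TASK_RE = re.compile(r"^\s*-?\s*task:\s*([A-Za-z0-9_.-]+)@(\d+)\s*$")

def find_tasks(pipeline_text):
    """Return [(task_name, major_version)] for every active task: entry.
    Full-line YAML comments are skipped; trailing comments are stripped."""
    found = []
    for line in pipeline_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        line = line.split(" #", 1)[0]
        m = TASK_RE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2))))
    return found

# Hypothetical policy: task name -> minimum acceptable major version.
REQUIRED_TASKS = {"SonarQubePrepare": 5, "SonarQubePublish": 5}

def missing_required(pipeline_text, required=REQUIRED_TASKS):
    """Sorted names of required tasks that are absent or below the minimum version."""
    present = {}
    for name, ver in find_tasks(pipeline_text):
        present[name] = max(ver, present.get(name, 0))
    return sorted(n for n, min_ver in required.items() if present.get(n, 0) < min_ver)

if __name__ == "__main__":
    print(missing_required(SAMPLE_PIPELINE))  # ['SonarQubePublish']
```

A non-empty result from `missing_required` is the condition a pipeline-validation step would fail on; a task name check like this says nothing about whether the scan actually ran or what it found.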