azure-pipelines.yml

# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
- master

pool:
  vmImage: 'windows-latest'

steps:
- powershell: |
    cd docker_images/csharp/wrapper/src
    dotnet remove edge-e2e.csproj reference ../../sdk/iothub/device/src/Microsoft.Azure.Devices.Client.csproj
    dotnet remove edge-e2e.csproj reference ../../sdk/iothub/service/src/Microsoft.Azure.Devices.csproj
    dotnet remove edge-e2e.csproj reference ../../sdk/shared/src/Microsoft.Azure.Devices.Shared.csproj
    dotnet add edge-e2e.csproj package Microsoft.Azure.Devices.Client
    dotnet add edge-e2e.csproj package Microsoft.Azure.Devices
    dotnet add edge-e2e.csproj package Microsoft.Azure.Devices.Shared
    dotnet build edge-e2e.csproj
  displayName: 'csharp pre-scan task - pull in dependencies'
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
  displayName: 'Component Detection'
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
  displayName: 'Run CredScan'
  inputs:
    debugMode: false
- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
  displayName: 'Run PoliCheck'
  inputs:
    targetType: F
- task: securedevelopmentteam.vss-secure-development-tools.build-task-bandit.Bandit@1
  displayName: 'Run Bandit'
- task: securedevelopmentteam.vss-secure-development-tools.build-task-guardian.Guardian@1
  displayName: 'Run Guardian'
- task: securedevelopmentteam.vss-secure-development-tools.build-task-vulnerabilityassessment.VulnerabilityAssessment@0
  displayName: 'Run Vulnerability Assessment'
- task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@2
  displayName: 'Guardian Export'
  inputs:
    GdnExportAllTools: false
    GdnExportGdnToolBandit: true
    GdnExportGdnToolBanditSeverity: Error
    GdnExportGdnToolBinSkim: true
    GdnExportGdnToolBinSkimSeverity: Error
    GdnExportGdnToolCodesignValidation: true
    GdnExportGdnToolCodesignValidationSeverity: Error
    GdnExportGdnToolCredScan: true
    GdnExportGdnToolCredScanSeverity: Error
    GdnExportGdnToolPoliCheck: true
    GdnExportGdnToolPoliCheckSeverity: Error
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
  displayName: 'Publish Guardian Artifacts'
  inputs:
    ArtifactName: GuardianLogs
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
  displayName: 'Post Analysis'
  inputs:
    GdnBreakAllTools: false
    GdnBreakGdnToolBandit: true
    GdnBreakGdnToolBanditSeverity: Error
    GdnBreakGdnToolBinSkim: true
    GdnBreakGdnToolBinSkimSeverity: Error
    GdnBreakGdnToolCredScan: true
    GdnBreakGdnToolCredScanSeverity: Error
- task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@2
  displayName: 'TSA upload'
  inputs:
    GdnPublishTsaOnboard: false
    GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)\newtsaupload.gdntsa'