# HawkScan Scanning in Azure Pipelines
# This is a demonstration of running JavaSpringVulny (a web application) in azure-pipelines (a CI/CD pipeline) with the StackHawk extension (dynamic application security testing, DAST)
# https://marketplace.visualstudio.com/items?itemName=StackHawk.stackhawk-extensions
# https://github.com/kaakaww/javaspringvulny
# https://aka.ms/yaml
# Build matrix: one job per combination of agent image and HawkScan installer type.
# Steps that apply to a single operating system are filtered with a condition such as
# `condition: eq(variables['imageName'], 'ubuntu-latest')`.
strategy:
  matrix:
    windows-msi:
      imageName: 'windows-latest'
      installerType: 'msi'
    windows-zip:
      imageName: 'windows-latest'
      installerType: 'zip'
    linux-zip:
      imageName: 'ubuntu-latest'
      installerType: 'zip'
    windows-auto:
      imageName: 'windows-latest'
      installerType: 'auto'
    linux-auto:
      imageName: 'ubuntu-latest'
      installerType: 'auto'
# Each matrix job runs on the hosted image named by its imageName variable.
pool:
  vmImage: '$(imageName)'

# CI trigger: the pipeline runs for commits to the main branch.
trigger:
  - main
steps:
  - checkout: self

  # Banner step: print which agent image this matrix job is using.
  - script: 'echo Azure Pipelines build for $(imageName)!'
    displayName: '🦅 $(imageName)'

  # Install HawkScan with the installer type chosen by the matrix entry.
  # NOTE(review): "latest" is resolved at run time, so the scanner version can
  # change between runs; pin a release if reproducible scans are required.
  - task: HawkScanInstall@1
    inputs:
      installerType: '$(installerType)'
      version: 'latest'

  # Linux only: docker-compose starts JavaSpringVulny together with its postgres
  # database. The Windows jobs skip this step.
  - task: DockerCompose@0
    condition: eq(variables['imageName'], 'ubuntu-latest')
    displayName: 'Start JavaSpringVulny on linux with docker-compose'
    inputs:
      action: 'Run services'
      containerregistrytype: 'Azure Container Registry'
      dockerComposeFile: 'docker-compose.yml'

  # Windows only: rewrite the H2 datasource URL in application.properties so the
  # database file lives at a fixed path on the agent.
  # $find is single-quoted, so ${PWD} is matched literally, not expanded by PowerShell.
  # NOTE(review): D:\a\1 is hard-coded, presumably the hosted agent's work
  # directory; confirm it still matches the agent layout.
  - powershell: |
      $file = 'src/main/resources/application.properties'
      $find = 'spring.datasource.url=jdbc:h2:file:${PWD}/db/vulny;'
      $replace = "spring.datasource.url=jdbc:h2:file:D:\\a\\1\\db\\vulny;"
      (Get-Content $file).replace($find, $replace) | Set-Content $file
    displayName: 'Configure JavaSpringVulny for windows'
    condition: eq(variables['imageName'], 'windows-latest')

  # The default JDK on Azure Pipelines is 8, so JDK 11 is selected here in order
  # to run JavaSpringVulny. The HawkScan msi bundles its own Java, so this step
  # is not necessary for running HawkScan itself.
  - task: JavaToolInstaller@0
    inputs:
      jdkArchitectureOption: 'x64'
      jdkSourceOption: 'PreInstalled'
      versionSpec: '11'

  # Windows only: launch JavaSpringVulny with gradle in the background.
  # Start-Process returns without waiting, and no step in this file checks that
  # the application is accepting requests before the scan begins.
  # NOTE(review): confirm the scan step tolerates the startup delay.
  - powershell: |
      start-process ./gradlew.bat bootRun
    condition: eq(variables['imageName'], 'windows-latest')
    displayName: 'Start JavaSpringVulny on windows with gradle in the background'

  # Run HawkScan through the StackHawk Azure extension.
  # HAWK_API_KEY and APP_ID are pipeline variables configured in the Azure DevOps UI.
  # Secret pipeline variables are not exposed to tasks automatically, hence the
  # explicit env mapping below; if HAWK_API_KEY is not already stored as a secret
  # variable, mark it as one so it is masked in logs.
  # NOTE(review): version "latest" floats here as well; see the install step.
  - task: RunHawkScan@1
    inputs:
      configFile: 'stackhawk.yml'
      version: 'latest'
    env:
      APP_ENV: '$(imageName)'
      APP_ID: '$(APP_ID)'
      HAWK_API_KEY: '$(HAWK_API_KEY)'