-
Notifications
You must be signed in to change notification settings - Fork 205
/
Copy pathazure-pipelines.yml
100 lines (87 loc) · 3.7 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# HawkScan Scanning in Azure Pipelines
# This is a demonstration of running JavaSpringVulny (a web applications) in azure-pipelines (a cicd pipeline) with the StackHawk extension (DAST testing)
# https://marketplace.visualstudio.com/items?itemName=StackHawk.stackhawk-extensions
# https://github.com/kaakaww/javaspringvulny
# https://aka.ms/yaml
# matrix builds for different build systems
# use `condition: eq(variables['imageName'], 'ubuntu-latest')` property to filter tasks for specific operating systems
strategy:
matrix:
windows-msi:
imageName: "windows-latest"
installerType: "msi"
windows-zip:
imageName: "windows-latest"
installerType: "zip"
linux-zip:
imageName: "ubuntu-latest"
installerType: "zip"
windows-auto:
imageName: "windows-latest"
installerType: "auto"
linux-auto:
imageName: "ubuntu-latest"
installerType: "auto"
pool:
vmImage: $(imageName)
trigger: none
steps:
- checkout: self
- script: echo Azure Pipelines build for $(imageName)!
displayName: "🦅 $(imageName)"
# install the latest version of hawkscan
- task: HawkScanInstall@1
inputs:
version: "4.0.3"
installerType: "$(installerType)"
condition: not(and(eq(variables['installerType'], 'auto'), eq(variables['imageName'], 'ubuntu-latest')))
- task: HawkScanInstall@1
inputs:
version: "4.0.3"
installerType: "$(installerType)"
installPath: '/home/vsts/custom'
condition: and(eq(variables['installerType'], 'auto'), eq(variables['imageName'], 'ubuntu-latest'))
# azure pipelines default jdk is 8, so we upgrade to 11 to run JavaSpringVulny
# the hawkscan msi bundles java with it, so this step isn't necesarry for running HawkScan
- task: JavaToolInstaller@0
inputs:
versionSpec: "17"
jdkArchitectureOption: "x64"
jdkSourceOption: "PreInstalled"
# download, then start javaspringVulny in the background
- script: |
curl -Ls https://github.com/kaakaww/javaspringvulny/releases/download/0.2.0/java-spring-vuly-0.2.0.jar -o ./java-spring-vuly-0.2.0.jar
java -jar ./java-spring-vuly-0.2.0.jar &
displayName: Start JavaSpringVulny on linux
condition: eq(variables['imageName'], 'ubuntu-latest')
# download, then start javaspringVulny in the background
- powershell: |
Invoke-WebRequest -Uri "https://github.com/kaakaww/javaspringvulny/releases/download/0.2.0/java-spring-vuly-0.2.0.jar" -OutFile "java-spring-vuly-0.2.0.jar"
java --version
Start-Process java -ArgumentList "-jar","java-spring-vuly-0.2.0.jar","--spring.profiles.active=windows"
displayName: Start JavaSpringVulny on windows with gradle in the background
env:
SPRING_DATASOURCE_URL: 'jdbc:h2:file:D:\\a\\1\\db\\vulny;DB_CLOSE_ON_EXIT=FALSE;AUTO_RECONNECT=TRUE'
condition: eq(variables['imageName'], 'windows-latest')
# run hawkscan with the StackHawk Azure Extension
- task: RunHawkScan@1
inputs:
configFile: "stackhawk.yml"
version: "4.0.3"
env:
HAWK_API_KEY: $(HAWK_API_KEY) # use variables in the azure devops ui to configure secrets and env vars
APP_ENV: $(imageName)
APP_ID: $(appId2)
SARIF_ARTIFACT: true
condition: not(and(eq(variables['installerType'], 'auto'), eq(variables['imageName'], 'ubuntu-latest')))
- task: RunHawkScan@1
inputs:
configFile: "stackhawk.yml"
version: "4.0.3"
installPath: '/home/vsts/custom'
env:
HAWK_API_KEY: $(HAWK_API_KEY) # use variables in the azure devops ui to configure secrets and env vars
APP_ENV: $(imageName)
APP_ID: $(appId2)
SARIF_ARTIFACT: true
condition: and(eq(variables['installerType'], 'auto'), eq(variables['imageName'], 'ubuntu-latest'))