Skip to content

Commit ca9ba01

Browse files
sima-zhusima-zhu
authored
Switch the steps of post-analysis and publish artifact. Convert sarif file extension to csv (Azure#20575)
* Switch the post analysis and publish archifacts. Also, add csv file in aritfacts
1 parent b774555 commit ca9ba01

File tree

1 file changed

+25
-3
lines changed

1 file changed

+25
-3
lines changed

eng/pipelines/aggregate-reports.yml

Lines changed: 25 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -110,9 +110,6 @@ jobs:
110110
inputs:
111111
suppressionsFile: 'eng\CredScanSuppression.json'
112112
condition: succeededOrFailed()
113-
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
114-
displayName: 'Publish Security Analysis Logs'
115-
condition: succeededOrFailed()
116113
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
117114
displayName: 'Post Analysis'
118115
inputs:
@@ -126,6 +123,31 @@ jobs:
126123
# GdnBreakOutputBaseline: baseline
127124
condition: succeededOrFailed()
128125
continueOnError: true
126+
- pwsh: |
127+
$results = (Get-Content "$(Pipeline.workspace)\.gdn\.r\CredScan\001\CredScan-matches.sarif" | ConvertFrom-Json).runs.results
128+
$csvRows = @()
129+
$pathMatchRegex = ("$(Build.SourcesDirectory)" -replace "\\", "/")
130+
$results | ForEach-Object {
131+
$csvRows += [pscustomobject]@{
132+
ruleId = $_.ruleId
133+
ruleIndex = $_.ruleIndex
134+
fingerprints = $_.fingerprints
135+
message = $_.message
136+
properties = $_.properties
137+
rank = $_.rank
138+
fileName = $_.analysisTarget.uri -replace ".*$pathMatchRegex(.*)", "https://github.com/Azure/azure-sdk-for-java/blob/master/`$1"
139+
startLine = $_.locations.physicalLocation.region.startLine
140+
startColumn = $_.locations.physicalLocation.region.startColumn
141+
endLine = $_.locations.physicalLocation.region.endLine
142+
endColumn = $_.locations.physicalLocation.region.endColumn
143+
level = $_.level
144+
}
145+
}
146+
$csvRows | Export-Csv -Path "$(Pipeline.workspace)\.gdn\.r\CredScan\001\CredScan-matches.csv" -NoTypeInformation
147+
displayName: Add converted csv file for CredScan-matches.sarif
148+
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
149+
displayName: 'Publish Security Analysis Logs'
150+
condition: succeededOrFailed()
129151
# Run link verification at the end as it will run no matter the pipeline passing or failing.
130152
# If this task fails with an error it shouldn't prevent aggregate reports from being generated.
131153
- template: ../common/pipelines/templates/steps/verify-links.yml

0 commit comments

Comments
 (0)