scanBinaries.yml
# Template parameters for the binary-scan job. All three are strings; only
# trivyIgnoreFile declares a default (the empty string).
parameters:
  # Pipeline artifact that is downloaded before extraction.
  - name: artifactName
    type: string
    displayName: 'name of the artifact on Azure DevOps that contains the Zip file'
  # Used as archiveFilePatterns of the extract step and in its display name.
  - name: zipFile
    type: string
    displayName: 'name or pattern of the zipfile to be extracted and scanned'
  # Forwarded unchanged to scanWithRetryTask.yml. A Trivy ignore file
  # suppresses findings, so edits to it deserve the same review as code.
  # NOTE(review): presumably '' means "no ignore file" - confirm in
  # scanWithRetryTask.yml.
  - name: trivyIgnoreFile
    type: string
    displayName: 'path to the trivy ignore file'
    default: ''
# One job: download the published artifact, unpack the archive into
# ./Binaries and pass that folder to the shared Trivy scan template.
jobs:
  - job: scan
    displayName: Scan binaries
    pool:
      # NOTE(review): 'ubuntu-latest' is a floating image label, so the agent
      # image can change between runs; pin a specific image if scan runs
      # need to be reproducible.
      vmImage: ubuntu-latest
    steps:
      # NOTE(review): presumably checked out so repository files such as the
      # Trivy ignore file are available to the scan - confirm.
      - checkout: self
      - task: DownloadPipelineArtifact@2
        displayName: Download ZipDeployArchive
        inputs:
          artifactName: ${{ parameters.artifactName }}
          targetPath: $(System.DefaultWorkingDirectory)
      - task: ExtractFiles@1
        displayName: 'Extract ${{ parameters.zipFile }}'
        inputs:
          archiveFilePatterns: ${{ parameters.zipFile }}
          destinationFolder: $(System.DefaultWorkingDirectory)/Binaries
          # Empty the folder first so only this archive's contents are scanned.
          cleanDestinationFolder: true
          overwriteExistingFiles: false
      # NOTE(review): the page lost the file's indentation. displayName is
      # placed under 'parameters' because a template step accepts only
      # 'template' and 'parameters' - confirm against the repository.
      - template: ./scanWithRetryTask.yml
        parameters:
          # NOTE(review): the bind mount has no ':ro' suffix, so the container
          # can write to the extracted files. A read-only mount looks
          # sufficient for a filesystem scan - confirm that
          # scanWithRetryTask.yml writes nothing under /src before changing it.
          dockerExtraArguments: '-v $(System.DefaultWorkingDirectory)/Binaries:/src'
          trivyExtraArguments: 'filesystem /src'
          trivyIgnoreFile: ${{ parameters.trivyIgnoreFile }}
          # NOTE(review): whether findings fail the job is decided inside
          # scanWithRetryTask.yml, which is not visible here - confirm.
          displayName: Scan compiled code with Trivy