-
Notifications
You must be signed in to change notification settings - Fork 55
/
Copy pathcoverity-sarif.yml
41 lines (41 loc) · 1.64 KB
/
coverity-sarif.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# example pipeline for Coverity scans using the Black Duck Security Scan Extension for ADO
# https://marketplace.visualstudio.com/items?itemName=blackduck.blackduck-security-scan
# and the SARIF SAST Scans Tab extension from Microsoft DevLabs
# https://marketplace.visualstudio.com/items?itemName=sariftools.scans
pool:
name: private-linux
variables:
- group: poc222.coverity.synopsys.com
- name: COVERITY_TOOL_HOME
value: /opt/coverity/analysis/2024.12.0
workspace:
clean: all
steps:
- task: Maven@4
displayName: 'Maven Build'
inputs:
options: '-B -DskipTests'
- task: BlackDuckSecurityScan@2
displayName: 'Coverity Scan'
inputs:
coverity_url: $(COVERITY_URL)
coverity_user: $(COV_USER)
coverity_passphrase: $(COVERITY_PASSPHRASE)
coverity_policy_view: 'Outstanding Issues'
mark_build_status: 'SucceededWithIssues'
coverity_local: true
coverity_install_directory: $(COVERITY_TOOL_HOME)
- script: |
set -ex
IDIR=$(find $(Build.SourcesDirectory)/.bridge -name idir)
$COVERITY_TOOL_HOME/bin/cov-format-errors --dir "$IDIR" --json-output-v10 issues.json
$COVERITY_TOOL_HOME/node/bin/node $COVERITY_TOOL_HOME/SARIF/cov-format-sarif-for-github.js \
--inputFile issues.json --outputFile coverity-report.sarif --githubUrl https://dev.azure.com \
--repoName chuckaude/hello-java --checkoutPath chuckaude/hello-java $(Build.SourcesDirectory) $(Build.SourceVersion)
zip CodeAnalysisLogs.zip coverity-report.sarif
displayName: 'Create SARIF Report'
- task: PublishBuildArtifacts@1
displayName: 'Publish SARIF Report'
inputs:
PathtoPublish: 'coverity-report.sarif'
ArtifactName: CodeAnalysisLogs