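# CI trigger: runs for pushes to main, except changes limited to documentation.
trigger:
  # Boolean rather than the quoted string 'true'. While a run is in progress,
  # further pushes are collected into one follow-up run.
  batch: true
  branches:
    include:
      - main
  paths:
    # Pushes touching only these paths start no run, so they get no scan.
    # Keep this list to documentation so code changes are always analysed.
    exclude:
      - '*README.md'
      - 'docs/*'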
# Agent image for every job in this pipeline.
pool:
  vmImage: windows-2022
# Pipeline-wide variables; the build-related ones are expanded inside the
# Semmle task's buildCommands input.
variables:
  # NOTE(review): presumably tells the Semmle task to upload the analysis
  # snapshot. Confirm where it is sent and that uploading is intended.
  LGTM.UploadSnapshot: true
  # Glob pattern, substituted verbatim into the MSBuild command line.
  # NOTE(review): confirm the pattern resolves to the intended solution file.
  solution: '**/*.sln'
  # The inner double quotes are part of the value, so the path survives the
  # spaces in it when used as a command.
  msbuildPath: '"%ProgramFiles(x86)%\Microsoft Visual Studio\2022\Enterprise\MSBuild\Current\Bin\MSBuild.exe"'
  BuildPlatform: x64
  BuildConfiguration: Release
# Single job: run the CodeQL (Semmle) scan over LogMonitor, then publish the
# tool logs as a build artifact.
jobs:
  - job: SDLCompliance
    displayName: Running SDL Compliance Policy checks
    # Failures in this job do not fail the run. As written, the pipeline
    # records SDL results but does not gate on them; no step in this file
    # breaks the build on findings. Drop this flag or add an explicit gating
    # step if the scan is meant to block merges.
    continueOnError: true
    steps:
      - task: Semmle@1
        displayName: Run CodeQL (Semmle)
        env:
          # Puts the job access token into the task's environment. What the
          # token can reach depends on the job authorization scope; keep that
          # scope limited to the current project.
          SYSTEM_ACCESSTOKEN: $(System.AccessToken)
        inputs:
          sourceCodeDirectory: '$(Build.SourcesDirectory)\LogMonitor'
          language: cpp
          # Folded scalar: the two lines join with one space into a single
          # string. The '#' is part of the value, not a YAML comment
          # (presumably the task's separator between the clean and build
          # commands; confirm against the task documentation).
          buildCommands: >-
            $(msbuildPath) $(BUILD.SourcesDirectory)\$(solution) /t:clean #
            $(msbuildPath) $(BUILD.SourcesDirectory)\$(solution) /p:platform=$(BuildPlatform) /p:configuration=$(BuildConfiguration)
          querySuite: Recommended
          # Kept as quoted strings so the digits are never retyped as numbers.
          timeout: '1800'
          ram: '8192'
          addProjectDirToScanningExclusionList: true
      - task: PublishSecurityAnalysisLogs@3
        displayName: Publish Security Analysis Logs
        # A publishing failure is tolerated as well, so a missing log artifact
        # will not be visible from the run's overall result.
        continueOnError: true
        inputs:
          # The artifact holds the scan's logs. Anyone who can read this
          # build's artifacts can read them, so treat that access as
          # sensitive.
          ArtifactName: CodeAnalysisLogs
          ArtifactType: Container
          PublishProcessedResults: false
          # Only the Semmle logs are collected, not those of every tool.
          AllTools: false
          Semmle: true
          ToolLogsNotFoundAction: Standard