Azure DevOps

Prerequisites

Instructions for SCA scans

    The main source of configuration for your build is the azure-pipelines.yml file stored in your repository.
    If the file does not exist, create a file called azure-pipelines.yml in your repository.
    The sample .yml below is for Python. Replace the following values with your own:
      lang - java | python | node | PHP | go | rust | dotnet
      api-key - your API key
      project-name - your project name
    The following sample runs an SCA scan on a Python project:

        # Cloud Defense SCA and SAST scan
        # Scan the python project for SCA and SAST vulnerabilities.
        # Add steps that analyze code, save the dist with the build record, publish to a PyPI-compatible index, and more:
        # https://docs.microsoft.com/azure/devops/pipelines/languages/python

        trigger:
        - master

        jobs:
        - job: Cloud_Defense_SCA_Scan
          pool:
            vmImage: 'ubuntu-latest'
          strategy:
            matrix:
              Python37:
                python.version: '3.7'
          steps:
          # Select the Python interpreter version defined in the matrix
          - task: UsePythonVersion@0
            inputs:
              versionSpec: '$(python.version)'
            displayName: 'Use Python $(python.version)'
          - script: |
              python -m pip install --upgrade pip
              pip install -r requirements.txt
            displayName: 'Install dependencies'
          # Download the CloudDefense CLI, set the API key, and run the SCA scan
          - script: |
              curl https://raw.githubusercontent.com/CloudDefenseAI/cd/master/latest/cd-latest-linux-x64.tar.gz > /tmp/cd-latest-linux-x64.tar.gz && tar -C /tmp -xzf /tmp/cd-latest-linux-x64.tar.gz && chmod +x /tmp/cdefense
              export CD_API_KEY=<YOUR API KEY>
              /tmp/cdefense sca -q --lang=python --project-name=azure-vulnerable-python
            displayName: 'SCA Scan'
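A hardened form of the 'SCA Scan' step from the sample above, as an added example that is not CloudDefense's own configuration: the API key comes from a secret pipeline variable instead of being written into the YAML file, and the downloaded archive is checked against a pinned digest before it is unpacked and run. It assumes you have defined a secret variable named CD_API_KEY in the pipeline settings, and a variable CD_CLI_SHA256 (a hypothetical name) holding the SHA-256 of the archive you reviewed.

```yaml
# Added example: drop-in replacement for the 'SCA Scan' step.
# Assumptions (not from the original page):
#   CD_API_KEY    - secret pipeline variable (marked "Keep this value secret")
#   CD_CLI_SHA256 - hypothetical variable: SHA-256 you recorded for the CLI archive
- script: |
    # Stop at the first failing command, unset variable, or broken pipe
    set -euo pipefail
    archive=/tmp/cd-latest-linux-x64.tar.gz

    # -f makes curl fail on HTTP errors, so an error page is never unpacked
    curl -fsSL https://raw.githubusercontent.com/CloudDefenseAI/cd/master/latest/cd-latest-linux-x64.tar.gz -o "$archive"

    # Refuse to run the binary if the archive differs from the pinned digest
    echo "$(CD_CLI_SHA256)  $archive" | sha256sum -c -

    tar -C /tmp -xzf "$archive"
    chmod +x /tmp/cdefense

    # CD_API_KEY is supplied through the env mapping below, not exported here
    /tmp/cdefense sca -q --lang=python --project-name=azure-vulnerable-python
  displayName: 'SCA Scan'
  env:
    # Secret variables are not passed to scripts automatically; map them explicitly
    CD_API_KEY: $(CD_API_KEY)
```

Because the URL points at a "latest" archive, the digest check fails whenever a new build is published, which is the prompt to review the new archive and update the pinned value.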
Create a new pipeline
Choose a repo from Azure git or an external git
Select your repo
Configure your pipeline, select a relevant pipeline for your application, or select starter pipeline
Add a new scan step in your pipeline (see above) and run the pipeline
Sample output