Azure DevOps

Prerequisites

Instructions for SCA scans

  • The main source of configuration for your build is the azure-pipelines.yml file stored in your repository.

  • If the file does not exist, create a file called azure-pipelines.yml in your repository.

  • The sample .yml below is written for a Python project; replace the following values for your own project:

    • lang - the value passed to --lang: java | python | node | PHP | go | rust | dotnet

    • api-key - your API key (the value exported as CD_API_KEY)

    • project-name - your project name (the value passed to --project-name)

  • The following sample runs an SCA scan on a Python project:

# Cloud Defense SCA and SAST scan
# Scan the python project for SCA and SAST vulnerabilities.
# Add steps that analyze code, save the dist with the build record, publish to a PyPI-compatible index, and more:
# https://docs.microsoft.com/azure/devops/pipelines/languages/python
trigger:
- master

jobs:
- job: Cloud_Defense_SCA_Scan
  pool:
    vmImage: 'ubuntu-latest'
  strategy:
    matrix:
      Python37:
        python.version: '3.7'
  steps:
  # Built-in Azure DevOps task that selects the interpreter version from the matrix
  - task: UsePythonVersion@0
    inputs:
      versionSpec: '$(python.version)'
    displayName: 'Use Python $(python.version)'
  - script: |
      python -m pip install --upgrade pip
      pip install -r requirements.txt
    displayName: 'Install dependencies'
  - script: |
      # --fail makes curl exit non-zero on an HTTP error instead of saving the error page as the archive
      curl --fail -sSL https://raw.githubusercontent.com/CloudDefenseAI/cd/master/latest/cd-latest-linux-x64.tar.gz > /tmp/cd-latest-linux-x64.tar.gz && tar -C /tmp -xzf /tmp/cd-latest-linux-x64.tar.gz && chmod +x /tmp/cdefense
      # Replace the placeholder with your API key; do not commit a real key to the repository
      export CD_API_KEY=<YOUR API KEY>
      /tmp/cdefense sca -q --lang=python --project-name=azure-vulnerable-python
    displayName: 'SCA Scan'
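As an added example (not Cloud Defense's own sample), the same scan step with the API key read from an Azure DevOps secret pipeline variable instead of being written into the repository; it assumes a secret variable named CD_API_KEY has been defined in the pipeline's variables or a linked variable group, and that the cdefense CLI and flags are as in the sample above.

```yaml
# Same SCA scan step, with the key supplied from a secret pipeline variable.
# Secret variables are not exposed to scripts automatically: they must be mapped
# explicitly through env:, which also keeps the value out of the pipeline log.
- script: |
    set -euo pipefail
    # Fail the step if the download returns an HTTP error rather than scanning with a corrupt archive
    curl --fail -sSL https://raw.githubusercontent.com/CloudDefenseAI/cd/master/latest/cd-latest-linux-x64.tar.gz \
      -o /tmp/cd-latest-linux-x64.tar.gz
    tar -C /tmp -xzf /tmp/cd-latest-linux-x64.tar.gz
    chmod +x /tmp/cdefense
    # Refuse to run with an empty key so a missing variable fails loudly instead of producing a confusing scan error
    if [ -z "${CD_API_KEY:-}" ]; then
      echo "##vso[task.logissue type=error]CD_API_KEY secret variable is not set"
      exit 1
    fi
    /tmp/cdefense sca -q --lang=python --project-name=azure-vulnerable-python
  displayName: 'SCA Scan'
  env:
    # $(CD_API_KEY) is the secret variable defined in the pipeline settings or a variable group (assumed name)
    CD_API_KEY: $(CD_API_KEY)
```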

Create a new pipeline

Choose a repo from Azure git or an external git


Select your repo


Configure your pipeline: select a pipeline template that matches your application, or select the starter pipeline

Add the scan step shown above to your pipeline and run the pipeline

Sample output