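# Repo: FirelyTeam/azure-pipeline-templates
# File: scanCompiledArtifacts.yml
# Description: scan a directory of compiled code for vulnerabilities
#
# Thin wrapper around ./scanWithRetryTask.yml: the `Binaries` subdirectory of
# `directory` is bind-mounted into the scanner container as /src and scanned
# with `trivy filesystem`. Nothing here invokes Trivy directly; the container
# command line, retry handling and cache restore live in scanWithRetryTask.yml.
parameters:
  # Root of the build output. Only `${{ parameters.directory }}/Binaries` is
  # mounted (see dockerExtraArguments below), so pass the parent of
  # `Binaries`, not `Binaries` itself. The value is interpolated verbatim into
  # a docker `-v` argument: supply an absolute path without spaces or
  # docker/shell-significant characters.
  - name: 'directory'
    type: 'string'
    displayName: 'The directory to scan for vulnerabilities'
  # Optional Trivy ignore file. The empty default is forwarded as-is; how an
  # empty value is treated is decided in scanWithRetryTask.yml.
  - name: 'trivyIgnoreFile'
    type: 'string'
    default: ''
    displayName: 'The path to the trivy ignore file'
  # Remote-cache settings, forwarded unchanged to scanWithRetryTask.yml.
  # Leave both empty to scan without a cache.
  - name: 'trivyCacheAzureSubscription'
    type: 'string'
    default: ''
    displayName: 'Subscription used to retrieve Trivy cache. If left empty, no cache will be used.'
  - name: 'trivyCacheStorageAccount'
    type: 'string'
    default: ''
    displayName: 'Storage account used to retrieve Trivy cache.'

steps:
  - checkout: self
  - template: ./scanWithRetryTask.yml
    parameters:
      # Read-write bind mount of the artifacts into the container's /src.
      # NOTE(review): a filesystem scan only needs read access to /src;
      # appending `:ro` would stop the scanner from altering build output that
      # is published later -- confirm scanWithRetryTask.yml writes nothing
      # under /src before changing it.
      dockerExtraArguments: "-v ${{ parameters.directory }}/Binaries:/src"
      trivyExtraArguments: "filesystem /src"
      trivyIgnoreFile: ${{ parameters.trivyIgnoreFile }}
      displayName: Scan compiled code with Trivy
      trivyCacheAzureSubscription: ${{ parameters.trivyCacheAzureSubscription }}
      trivyCacheStorageAccount: ${{ parameters.trivyCacheStorageAccount }}
      # Scratch location under the agent's temp directory, handed to the
      # wrapped template for its Trivy cache.
      localTrivyCachePath: $(Agent.TempDirectory)/trivy-cache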