Add CredScan task to ADO pipeline (microsoft#5517)

.azure-pipelines.yml

@@ -55,3 +55,23 @@ jobs:
     parameters:
       perf_or_release: ${{ variables['perf_or_release'] }}
       perf_tests: ${{ variables['perf_tests'] }}
+
+  - job: CredScan
+    variables:
+      Codeql.SkipTaskAutoInjection: true
+      skipComponentGovernanceDetection: true
+    pool:
+      vmImage: "ubuntu-20.04"
+    steps:
+      # Scan for credentials in the repo
+      - task: CredScan@3
+        inputs:
+          suppressionsFile: .gdn/CredScanSuppressions.json
+          # To suppress folders, rather than individual files, we require both of the following options
+          debugMode: true
+          folderSuppression: true
+
+      # Break the build if any credentials (or other Guardian scans) find issues
+      - task: PostAnalysis@2
+        inputs:
+          GdnBreakAllTools: true

.gdn/CredScanSuppressions.json

@@ -0,0 +1,13 @@
+{
+  "tool": "Credential Scanner",
+  "suppressions": [
+    {
+      "folder": ["3rdparty"],
+      "_justification": "Ignore 3rdparty test credentials"
+    },
+    {
+      "folder": ["tests/testdata"],
+      "_justification": "Ignore test credentials"
+    }
+  ]
+}