Add advancedsecurity feature

Jessica Tseng 4 months ago
parent
commit
abb7800cfb
2 changed files with 58 additions and 0 deletions
  1. 15 0
      ToAdvanceSecurity.ps1
  2. 43 0
      azure-security.yaml

+ 15 - 0
ToAdvanceSecurity.ps1

@@ -0,0 +1,15 @@
+$branch = git rev-parse --abbrev-ref HEAD
+$ssha = git rev-parse --short head
+$filePath = Join-Path -Path (Get-Location) -ChildPath "source_commit"
+[System.IO.File]::WriteAllLines($filePath, "Sync updates from "+$branch+" in general repo(Commit SHA:"+$ssha+")to security repo")
+mv .git OriginGit
+mv AdvSecurityGit .git
+git add -A
+git commit -a -F source_commit
+git push
+mv .git AdvSecurityGit
+mv OriginGit .git
+git add -A
+git commit -a -F source_commit
+git push
+Remove-Item "source_commit"
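Review bot: the first `git add -A` runs while `OriginGit` (the general repo's renamed `.git` directory) and `source_commit` are both sitting in the working tree, so unless an ignore rule not shown here excludes them, the general repo's metadata and config are committed and pushed to the security repo; the second `git add -A` does the same with `AdvSecurityGit` in the other direction. Move the swapped directories outside the working tree, or exclude them explicitly before staging. None of the `mv` or `git` calls are checked either, so a failed `git commit` or `git push` after `mv AdvSecurityGit .git` still falls through to the swap back and the second push, and a failed `mv` can leave the checkout pointing at the wrong repository; set `$ErrorActionPreference = 'Stop'`, test `$LASTEXITCODE` after each git command, and restore the directories in a `finally` block. Minor: `git rev-parse --short head` relies on a case-insensitive filesystem, so use `HEAD` as the line above it does.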

+ 43 - 0
azure-security.yaml

@@ -0,0 +1,43 @@
+trigger:
+  branches:
+    include:
+      - '*'
+
+pool:
+  # Additional hosted image options are available: https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/hosted#software
+  vmImage: ubuntu-latest
+
+steps:
+
+  - task: AdvancedSecurity-Codeql-Init@1
+    inputs:
+      languages: "csharp"
+      # Supported languages: csharp, cpp, go, java, javascript, python, ruby, swift
+      # You can customize the initialize task: https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/advanced-security-codeql-init-v1?view=azure-pipelines
+      # If you're using a self-hosted agent to run CodeQL, use `enableAutomaticCodeQLInstall` to automatically use the latest CodeQL bits on your agent:
+      enableAutomaticCodeQLInstall: true
+
+#   Add your custom build steps here
+# - Ensure that all code to be scanned is compiled (often using a `clean` command to ensure you're building from a clean state).
+# - Disable the use of any build caching mechanisms as this can interfere with CodeQL's ability to capture all the necessary data during the build.
+# - Disable the use of any distributed/multithreaded/incremental builds as CodeQL needs to monitor executions of the compiler to construct an accurate representation of the application.
+# - For dependency scanning, ensure you have a package restore step for more accurate results.
+
+  
+
+  # Restore project
+  - task: DotNetCoreCLI@2
+    inputs:
+        command: 'custom'
+        custom: 'restore'
+
+  # Build project
+  - task: DotNetCoreCLI@2
+    inputs:
+        command: 'custom'
+        custom: 'build'
+        arguments: '--no-restore'
+
+  - task: AdvancedSecurity-Dependency-Scanning@1 # More details on this task: https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/advanced-security-dependency-scanning-v1?view=azure-pipelines
+
+  - task: AdvancedSecurity-Codeql-Analyze@1 # More details on this task: https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/advanced-security-codeql-analyze-v1?view=azure-pipelines
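Review bot: the build step (`custom: 'build'` with `arguments: '--no-restore'`) does not follow the guidance kept in the comments just above it, which asks for a clean build with incremental builds disabled so CodeQL can observe every compiler invocation; consider adding `--no-incremental` to the arguments, or remove the template comments if they are not meant to apply. `enableAutomaticCodeQLInstall: true` is described in its own comment as a setting for self-hosted agents, while the pool is the hosted `ubuntu-latest` image, so either drop the input or note why it is set. The trigger includes `'*'`, which queues a CodeQL and dependency scan for every branch push; confirm that is intended rather than limiting it to the branches that are synced to the security repo. Style: the leftover "Add your custom build steps here" placeholder and the whitespace-only line after it can go, the `inputs:` under `DotNetCoreCLI@2` are indented eight spaces where the init task uses six, and `DotNetCoreCLI@2` has `restore` and `build` commands so `command: 'custom'` is not needed.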