| 12345678910111213141516171819202122232425262728293031323334353637383940414243 |
- trigger:
- branches:
- include:
- - '*'
- pool:
- # Additional hosted image options are available: https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/hosted#software
- vmImage: ubuntu-latest
- steps:
- - task: AdvancedSecurity-Codeql-Init@1
- inputs:
- languages: "csharp"
- # Supported languages: csharp, cpp, go, java, javascript, python, ruby, swift
- # You can customize the initialize task: https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/advanced-security-codeql-init-v1?view=azure-pipelines
- # If you're using a self-hosted agent to run CodeQL, use `enableAutomaticCodeQLInstall` to automatically use the latest CodeQL bits on your agent:
- enableAutomaticCodeQLInstall: true
- # Add your custom build steps here
- # - Ensure that all code to be scanned is compiled (often using a `clean` command to ensure you're building from a clean state).
- # - Disable the use of any build caching mechanisms as this can interfere with CodeQL's ability to capture all the necessary data during the build.
- # - Disable the use of any distributed/multithreaded/incremental builds as CodeQL needs to monitor executions of the compiler to construct an accurate representation of the application.
- # - For dependency scanning, ensure you have a package restore step for more accurate results.
-
- # Restore project
- - task: DotNetCoreCLI@2
- inputs:
- command: 'custom'
- custom: 'restore'
- # Build project
- - task: DotNetCoreCLI@2
- inputs:
- command: 'custom'
- custom: 'build'
- arguments: '--no-restore'
- - task: AdvancedSecurity-Dependency-Scanning@1 # More details on this task: https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/advanced-security-dependency-scanning-v1?view=azure-pipelines
- - task: AdvancedSecurity-Codeql-Analyze@1 # More details on this task: https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/advanced-security-codeql-analyze-v1?view=azure-pipelines
|
