[CI] Run external CredScan in Security tools pipeline (Azure#26054)

* Run external CredScan in Security tools pipeline * remove auth part from external CredScan
azure-sdk · Sep 10, 2024 · 64f9db2 · 64f9db2
1 parent 945649d
commit 64f9db2
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/.azure-pipelines/security-tools.yml b/.azure-pipelines/security-tools.yml
@@ -52,6 +52,23 @@ jobs:
       outputFormat: sarif
       scanFolder: SecurityTmp
       suppressionsFile: tools/SecurityTools/CredScanSuppressions.json
+  - task: PowerShell@2
+    displayName: Run external CredScan
+    env:
+      GDN_CREDSCAN_OUTPUTTYPE: sarif
+      Scan_Folder: SecurityTmp
+      GDN_CREDSCAN_SUPPRESSIONSPATH: tools/SecurityTools/CredScanSuppressions.json
+      GDN_CREDSCAN_SUPPRESSASERROR: False
+    inputs:
+      targetType: inline
+      script: |
+        nuget.exe install Microsoft.Security.DevOps.Cli
+        $toolsPath = Join-Path ("Microsoft.Security.DevOps.Cli*" | Resolve-Path) tools
+        $env:Path = "$toolsPath;$env:Path"
+        $env:GDN_CREDSCAN_TARGETDIRECTORY = (Resolve-Path $env:Scan_Folder).Path
+        guardian init -f
+        guardian run -t CredScan
+
   - task: PowerShell@2
     displayName: Generate a response text file for BinSkim
     inputs: