Betterscan Azure DevOps

Table of contents

1. About

2. Usage

3. Documentation

4. Issues

5. Contributing

6. License

About

This repository contains a Betterscan CLI Azure DevOps Pipeline extension to be integrated in Azure DevOps Pipeline. With this extension, you will be able to perform a static code analysis (SAST), Code Scanning, Secret scanning also for Cloud Infrastructure (IaC) in search of vulnerabilities.

Usage

Requirements

Executing an analysis

You want to use betterscan task

trigger:
- main
pool:
  vmImage: ubuntu-latest
steps:
- task: betterscanscan@0

Addtionally you might want to push the Artefact and maintain state

  - task: PublishBuildArtifacts@1
      displayName: Publish SAST report
      inputs:
        PathtoPublish: $(Build.SourcesDirectory)
        ArtifactName: CodeAnalysisLogs

    - script: |
        git add .checkmate/db.sqlite
        git add report.html
        git commit -m '[ci skip] update checkmate db'
        git push origin $(Build.SourceBranchName):$(Build.SourceBranch)
      displayName: Commit and Push checkmate db

Then please install: SARIF Viewed plugin

It will add "Scans" tab to both the Build Results page and the Work Item page.

Documentation

For more information about Betterscan, please check out the documentation.

Issues

To open or track an issue for this project, in order to better coordinate your discussions, we recommend that you use the Issues tab in the main Betterscan-CLI repository.

Contributing

If you want to contribute to this repository, access our Contributing Guide.

License

Apache License 2.0