Ermetic Azure Pipelines Extension

Use the Ermetic Azure Pipelines extension to scan your infrastructure-as-code (IAC) pipeline for security issues. Doing so can help you identify and remediate configuration issues before your cloud resources are deployed.

IaC Scan Task Parameters

Parameter	Description	Default	Example
apiToken	(Required) The API token used to communicate with Ermetic. Generated in the Ermetic Console during initial Azure Pipelines setup.
apiUrl	(Required) The URL of the Ermetic API. The API URL varies based on the region in which your Ermetic environment is deployed.		`https://us.app.ermetic.com/`
excludePaths	Exclude specific paths from the scan.		`dev/`
excludePolicies	The IDs of any Ermetic policies to exclude from the scan. This parameter is mutually exclusive with `policies` such that a value can only be entered for one of the two.		`3e4d5ce6-3280-4027-8010-c26eeea1ec01`
failOnMinSeverity	The minimum policy severity that should return an exit code different from 0, and fail the build workflow. Possible values: `none` `information` `low` `medium` `high` `critical`	`none`	`critical`
logs	Whether to print log messages to the standard workflow output. Log messages include information about the run process of the scanner and debug information, such as the number of files/lines scanned. Possible values: `true` `false`		`true`
minSeverity	The minimum severity of Ermetic policies that you want to include in the scan. Possible values: `information` `low` `medium` `high` `critical`	`information`	`medium`
outputFileFormats	The format/s of the report output file/s which will be exported. Possible values: `csv` `json` `junit` `sarif`	`json`	`json,csv`
outputFileName	The name of the report output file/s which will be exported. If multiple formats are selected, all files will have the same name.	`results`	`results`
outputPath	The export path for the report output file/s.		`results/`
paths	The repository path/s that will be scanned by Ermetic, entered as a comma separated list. If left blank, Ermetic will scan the entire repository.		`prod/,stg/`
policies	The IDs of the Ermetic policies that will be used to scan the repository, entered as a comma separated list. If no values are entered, all policies will be scanned. This parameter is mutually exclusive with `excludePolicies` such that a value can only be entered for one of the two. For information about how to retrieve policy ID information from the Ermetic CLI, refer to Ermetic documentation.		`3e4d5ce6-3280-4027-8010-c26eeea1ec01,32ecd6eb-0711-421f-9627-1a28d9eff217`
silent	Whether to print scan result content to the standard workflow output. Scan result output contains detailed information about issues found during scanning. Independent from logs. Possible values: `true` `false`	`false`	`false`
types	The IaC frameworks that Ermetic scans. If no value is entered, Ermetic scans all frameworks. Possible values: `terraform` `terraform-plan` `cloudformation`		`terraform`