| Parameter | Description | Default | Example |
|---|---|---|---|
| apiToken | (Required) The API token used to communicate with Tenable Cloud Security. Generated in the Tenable Cloud Security Console during initial Azure Pipelines setup. | | |
| apiUrl | (Required) The URL of the Tenable Cloud Security API. The API URL varies based on the region in which your Tenable Cloud Security environment is deployed. | | https://us.app.ermetic.com/ |
| excludePaths | Exclude specific paths from the scan. | | dev/ |
| excludePolicies | The IDs of any Tenable policies to exclude from the scan. This parameter is mutually exclusive with `policies` such that a value can only be entered for one of the two. You can use glob patterns as wildcards to define a range of policies. For example, excludePolicies `aws-s3-*` would exclude all policies related to AWS S3 buckets from the scan. | | aws-iam-role-public-access-exists-terraform |
| failOnMinSeverity | The minimum policy severity that should return an exit code different from 0, and fail the build workflow. Possible values: none, information, low, medium, high, critical. | none | critical |
| logs | Whether to print log messages to the standard workflow output. Log messages include information about the run process of the scanner and debug information, such as the number of files/lines scanned. Possible values: true, false. | | true |
| minSeverity | The minimum severity of Tenable policies that you want to include in the scan. Possible values: information, low, medium, high, critical. | information | medium |
| outputFileFormats | The format/s of the report output file/s which will be exported. Possible values: csv, json, junit, sarif. | json | json,csv |
| outputFileName | The name of the report output file/s which will be exported. If multiple formats are selected, all files will have the same name. | results | results |
| outputJunitTestNamePrefix | Prefix for JUnit test output name. Used to create a first-level hierarchy in test results. Can be used when junit is defined as an output file format. | | Scan1 |
| outputPath | The export path for the report output file/s. | | results/ |
| path | The repository path that will be scanned. If left blank, the entire repository will be scanned. | | prod/ |
| policies | The IDs of the Tenable policies that will be used to scan the repository, entered as a comma separated list. If no values are entered, all policies will be scanned. This parameter is mutually exclusive with `excludePolicies` such that a value can only be entered for one of the two. You can use glob patterns as wildcards to define a range of policies to include. For example, policies `aws-s3-*` would include all policies related to AWS S3 buckets in the scan. For information about how to retrieve policy ID information from the CLI, refer to Tenable Cloud Security documentation. | | aws-iam-role-public-access-exists-terraform,aws-sqs-queue-encryption-disabled-terraform |
| silent | Whether to print scan result content to the standard workflow output. Scan result output contains detailed information about issues found during scanning. Independent from logs. Possible values: true, false. | false | false |
| types | The IaC frameworks to scan. If no value is entered, all frameworks will be scanned. Possible values: terraform, terraform-plan, cloudformation. | | terraform |
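
A pre-flight check for the inputs documented above, as an added example that is not Tenable's code: it enforces the required, allowed-value and mutual-exclusion rules from this page and previews which policy IDs a glob selects. The function names, `SAMPLE_IDS` (whose third ID is constructed), the fnmatch-style glob matching and the comma separated `excludePolicies` are assumptions.

```python
from fnmatch import fnmatchcase

SEVERITIES = ["information", "low", "medium", "high", "critical"]  # order as listed on this page
ALLOWED = {
    "failOnMinSeverity": ["none"] + SEVERITIES,
    "minSeverity": SEVERITIES,
    "logs": ["true", "false"],
    "silent": ["true", "false"],
}
FORMATS = ["csv", "json", "junit", "sarif"]
# Constructed sample: two policy IDs from this page plus one made-up S3 ID.
SAMPLE_IDS = ["aws-iam-role-public-access-exists-terraform",
              "aws-sqs-queue-encryption-disabled-terraform",
              "aws-s3-example-policy-terraform"]

def split_list(value):
    """Split a comma separated input into trimmed, non-empty items."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def check_inputs(inputs):
    """Return problems found in a dict of task inputs (names as on this page)."""
    problems = []
    for name in ("apiToken", "apiUrl"):
        if not inputs.get(name):
            problems.append(f"error: {name} is required")
    if inputs.get("policies") and inputs.get("excludePolicies"):
        problems.append("error: policies and excludePolicies are mutually exclusive")
    for name, allowed in ALLOWED.items():
        if name in inputs and inputs[name] not in allowed:
            problems.append(f"error: {name}={inputs[name]!r} is not one of {allowed}")
    formats = split_list(inputs.get("outputFileFormats", "json"))
    for fmt in formats:
        if fmt not in FORMATS:
            problems.append(f"error: unknown output format {fmt!r}")
    if inputs.get("outputJunitTestNamePrefix") and "junit" not in formats:
        problems.append("warning: outputJunitTestNamePrefix set without junit output")
    # Reading of the page: with "none" (the default) no finding fails the build.
    if inputs.get("failOnMinSeverity", "none") == "none":
        problems.append("warning: failOnMinSeverity is none, so the scan never fails the build")
    return problems

def selected_policies(known_ids, policies="", exclude_policies=""):
    """Preview selected IDs. Assumes fnmatch-style globs and comma separated inputs."""
    include, exclude = split_list(policies), split_list(exclude_policies)
    if include and exclude:
        raise ValueError("policies and excludePolicies are mutually exclusive")
    if include:
        return [p for p in known_ids if any(fnmatchcase(p, g) for g in include)]
    return [p for p in known_ids if not any(fnmatchcase(p, g) for g in exclude)]
```

Running `check_inputs` on the values a pipeline is about to pass surfaces a build gate left at the default `none` before the scan runs.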