Horusec Scan Task
Add the Horusec scan results to the pipeline. Horusec is an open source tool that performs static code analysis to identify security flaws.
It is recommended to use a Linux agent pool (e.g.
A Windows agent pool can also be used, but it may run into container issues and may not be able to use all of the scanning tools.
If you are currently using a Windows agent, you can add a new Linux agent job:
for YAML reference:
If you use the default options, the Horusec scan result will be displayed as text in the console.
If you want to output as a SARIF report, you can specify the
The generated SARIF file will only contain the path of the scanned file by default. You can check the
We recommend installing the SARIF SAST Scans Tab extension to view the SARIF report. Just publish the artifact with the Artifact name
You can then see the scan results in the
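The following Azure Pipelines YAML is an added example, not the extension's own sample: it shows the shape of the Linux agent job, SARIF output, and artifact publishing described above. It runs the Horusec CLI from its published container image in a script step rather than through the marketplace task (whose task name and input names are not given on this page), and the CLI flags (-p, -o, -O), the image name horuszup/horusec-cli, and the artifact name are assumptions you should check against your Horusec version and the SARIF SAST Scans Tab extension's documentation.

```yaml
# Added example pipeline (assumed layout; not from the Horusec extension itself).
trigger:
  - main

jobs:
  - job: horusec_scan
    displayName: Horusec static analysis (Linux agent)
    # A Linux agent pool avoids the container issues noted for Windows agents.
    pool:
      vmImage: ubuntu-latest
    steps:
      - checkout: self

      - bash: |
          set -euo pipefail
          mkdir -p "$(Build.ArtifactStagingDirectory)/horusec"
          # Assumed: Horusec CLI container image and flags.
          #   -p  path to scan (repo mounted at /src)
          #   -o  output format; "sarif" instead of the default console text
          #   -O  output file path for the report
          docker run --rm \
            -v "$(Build.SourcesDirectory):/src" \
            horuszup/horusec-cli:latest \
            horusec start -p /src -o sarif -O /src/horusec.sarif
          cp "$(Build.SourcesDirectory)/horusec.sarif" \
             "$(Build.ArtifactStagingDirectory)/horusec/horusec.sarif"
        displayName: Run Horusec and write a SARIF report
        # By default the SARIF only contains the scanned file paths; if the
        # extension should show source context, adjust the CLI options accordingly.

      # Publish with the artifact name the SARIF SAST Scans Tab extension expects
      # (placeholder below; the page's own value is not shown here).
      - task: PublishBuildArtifacts@1
        displayName: Publish SARIF for the SARIF SAST Scans Tab
        inputs:
          pathToPublish: '$(Build.ArtifactStagingDirectory)/horusec'
          artifactName: 'ARTIFACT_NAME_EXPECTED_BY_SARIF_EXTENSION'
```

Once the artifact is published under the name the extension reads, the findings appear in the extension's tab on the build summary instead of only as console text.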