Azure Pipelines Task for Xygeni Security Scanner
Overview
This task runs Xygeni Scanner in Azure Pipelines.
The task uses the Xygeni CLI for scanning the software project for vulnerabilities, malware and misconfigurations.
Prerequisites
The scanner needs an API token to communicate with the Xygeni platform. The token is a secret, so register it as a secret pipeline variable rather than writing it into the pipeline YAML. If you name the variable XYGENI_TOKEN, the task looks for it automatically. Otherwise, expose it to the task in an environment variable of your choice (for example XYGENI_TOKEN) and set the input property xygeniToken = 'env:XYGENI_TOKEN' so the task knows which variable to read. Note that Azure Pipelines does not map secret variables into the task's environment automatically; you must map them explicitly under env: in the task step, as in the example below.
See Generate Token for Scanner for instructions on creating the token. The token needs upload permissions on the Xygeni platform, so that the scanner can send its results.
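The token lookup described above, written out as an added example so that the resolution rules are unambiguous. This is an illustrative reimplementation and not the task's own code: the function name resolve_token, the helper redact, and the decision to reject literal token values (only the documented 'env:NAME' form and the XYGENI_TOKEN fallback are accepted, so a token can never be committed in the YAML) are assumptions of this example. It fails closed when no token is found instead of starting an unauthenticated scan, and never echoes the token itself into the build log.

```python
import re
from typing import Mapping, Optional

# Name of the variable the task checks when xygeniToken is not set (from the README).
DEFAULT_TOKEN_VAR = "XYGENI_TOKEN"
# Prefix that tells the task to read the token from an environment variable.
ENV_PREFIX = "env:"
_VAR_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def resolve_token(xygeni_token_input: Optional[str], env: Mapping[str, str]) -> str:
    """Return the scanner API token according to the documented rules.

    - xygeniToken not set: fall back to the XYGENI_TOKEN environment variable.
    - xygeniToken == 'env:NAME': read the token from environment variable NAME.
    - anything else: rejected (assumption of this example: literal tokens in
      the pipeline YAML are not accepted, so secrets stay in secret variables).

    Raises ValueError when no usable token is found, so the step fails closed.
    """
    if not xygeni_token_input:
        name = DEFAULT_TOKEN_VAR
    elif xygeni_token_input.startswith(ENV_PREFIX):
        name = xygeni_token_input[len(ENV_PREFIX):]
        if not _VAR_NAME.fullmatch(name):
            raise ValueError(f"invalid environment variable name in xygeniToken: {name!r}")
    else:
        raise ValueError(
            "xygeniToken must be 'env:<VARIABLE>'; do not put the token itself in the pipeline"
        )

    token = env.get(name, "").strip()
    if not token:
        # Typical cause: the secret variable exists but was not mapped under env: in the step.
        raise ValueError(
            f"no Xygeni API token found in environment variable {name}; "
            "map the secret variable explicitly under env: in the task step"
        )
    return token


def redact(token: str) -> str:
    """Log-safe representation of a token: length and last four characters only."""
    if len(token) <= 8:
        return "****"
    return "****" + token[-4:]


if __name__ == "__main__":
    # Constructed environment, standing in for the task's process environment.
    sample_env = {"XYGENI_TOKEN": "xyg_constructed_example_token_0001"}
    tok = resolve_token("env:XYGENI_TOKEN", sample_env)
    print(f"token resolved ({len(tok)} chars): {redact(tok)}")
    try:
        resolve_token("env:OTHER_TOKEN", sample_env)
    except ValueError as err:
        print(f"expected failure: {err}")
```

The redact helper is what a wrapper script should use if it logs anything about the token at all; Azure Pipelines masks secret variable values in logs, but only when they reach the log verbatim, so never construct log lines from the token.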
Installing the task
Go to the Visual Studio Marketplace, search for Xygeni Security Scanner
and install it, or go directly to the extension page at Xygeni Security Scanner.
Using the task
- Add the task to your pipeline: search for Xygeni Security Scanner, then add the task using the UI assistant in the right panel, or directly in the pipeline YAML editor.
Task properties
The following is an example of the task step as written in the pipeline YAML editor. It maps the secret variables into the task's environment, runs the scanner with all scan types enabled, writes the findings to the artifact staging directory and publishes them as a build artifact:
steps:
  # ...Other build steps here...
  - task: xygeni-scanner@1
    displayName: 'Run Xygeni Scanner'
    env:
      # Secret pipeline variables are not passed to the task automatically;
      # map them explicitly so the task can read them from its environment.
      XYGENI_TOKEN: $(XYGENI_TOKEN)
      # Token for checking the Azure DevOps configuration for misconfigurations
      AZURE_TOKEN: $(AZURE_TOKEN)
    inputs:
      # Directory to scan: the checked-out repository
      scanDirectory: '$(Build.Repository.LocalPath)'
      # Read the API token from the environment variable mapped above
      xygeniToken: 'env:XYGENI_TOKEN'
      deps: true
      inventory: true
      secrets: true
      misconfig: true
      suspectdeps: true
      iac: true
      # Findings are written here and published as an artifact in the next step
      outputFile: '$(Build.ArtifactStagingDirectory)/xygeni/findings.json'
      outputFormat: json
  - task: PublishBuildArtifacts@1
    displayName: 'Publish xygeni findings as artifacts'
    inputs:
      PathtoPublish: '$(Build.ArtifactStagingDirectory)/xygeni'
      ArtifactName: 'Xygeni_findings'
For more information on the scanner and its options, visit https://docs.xygeni.io/xygeni-scanner-cli/xygeni-cli-overview.
License
The task is released under the Apache 2.0 License.