From 26673e89628fd0530f032ff5282d031a4df2b761 Mon Sep 17 00:00:00 2001 From: Christian Schaible Date: Tue, 22 Oct 2024 15:13:29 +0200 Subject: [PATCH] Add snyk check --- .azuredevops/azure-pipelines.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/.azuredevops/azure-pipelines.yml b/.azuredevops/azure-pipelines.yml index e96e334..965bdb7 100644 --- a/.azuredevops/azure-pipelines.yml +++ b/.azuredevops/azure-pipelines.yml @@ -20,6 +20,9 @@ stages: jobs: - job: GoBuildTest displayName: Run build and tests + variables: + - name: isCiBuild + value: $[eq(variables['Build.SourceBranch'], 'refs/heads/main')] steps: - task: GoTool@0 displayName: Install Go $(goVersion) @@ -85,6 +88,30 @@ stages: condition: succeeded() displayName: Run tests + - task: SnykSecurityScan@1 + condition: and(succeeded(), eq(variables.isCiBuild, true)) + displayName: Snyk check (main branch) + inputs: + additionalArguments: "--remote-repo-url=$(Build.Repository.Uri)" + failOnIssues: false + monitorWhen: 'always' + organization: 'xx-sit-odj-stackit-public' + projectName: $(Build.Repository.Name) + serviceConnectionEndpoint: 'xx-sit-odj-stackit-public-snyk' + testType: 'app' + + - task: SnykSecurityScan@1 + condition: and(succeeded(), eq(variables.isCiBuild, false)) + displayName: Snyk check + inputs: + additionalArguments: "--remote-repo-url=$(Build.Repository.Uri)" + failOnIssues: false + monitorWhen: 'never' + organization: 'xx-sit-odj-stackit-public' + projectName: $(Build.Repository.Name) + serviceConnectionEndpoint: 'xx-sit-odj-stackit-public-snyk' + testType: 'app' + - bash: sudo rm -rf .gomodcache condition: always() displayName: Clean up the local cache (.gomodcache)