-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #396 from convisoappsec/update/azure-pipelines-gra…
…ph-mode Update Azure Pipelines Graph Mode
- Loading branch information
Showing
5 changed files
with
94 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,6 +6,9 @@ description: Azure Pipelines is a CI/CD module of the Azure DevOps platform; le | |
| keywords: [Azure Pipelines Graph Mode Integration] | ||
| --- | ||
|
|
||
| import Tabs from '@theme/Tabs'; | ||
| import TabItem from '@theme/TabItem'; | ||
|
|
||
| <div style={{textAlign: 'center'}}> | ||
|
|
||
|  | ||
|
|
@@ -24,7 +27,15 @@ In order for the experience with Conviso's services to be complete, it is necess | |
|
|
||
| 1. Hosted Agent Pool (Ubuntu 22.04 or higher) with Docker installed or Agent Cloud Azure; | ||
|
|
||
| 2. External access (can be limited to Conviso's registry for SAST, Dockerhub and Conviso Platform). | ||
| 2. [Script access to the OAuth token enabled](https://learn.microsoft.com/en-us/azure/devops/pipelines/release/options?view=azure-devops#allow-scripts-to-access-the-oauth-token): | ||
|
|
||
| <div style={{textAlign: 'center'}}> | ||
|
|
||
|  | ||
|
|
||
| </div> | ||
|
|
||
| 3. External access (can be limited to Conviso's registry for AST, Dockerhub and Conviso Platform). | ||
|
|
||
| ## First Steps | ||
|
|
||
|
|
@@ -50,17 +61,94 @@ Given an Azure Devops project, to create a Welcome Pipeline you can follow the s | |
|
|
||
| 10. To configure Conviso AST, within the script field, add the code snippet presented below: | ||
|
|
||
| ```yml | ||
| echo "Installing Conviso CLI..." | ||
| sudo pip3 install conviso-cli | ||
| conviso -k $(CONVISO_API_KEY) ast run | ||
| ``` | ||
| <Tabs> | ||
| <TabItem value="windows" label="Windows Agent"> | ||
| ```bash | ||
| echo "Installing Conviso CLI..." | ||
| pip3 install conviso-cli | ||
| conviso -k $(CONVISO_API_KEY) ast run | ||
| ``` | ||
| </TabItem> | ||
|
|
||
| <TabItem value="linux" label="Linux Agent"> | ||
| ```bash | ||
| echo "Installing Conviso CLI..." | ||
| sudo pip3 install conviso-cli | ||
| conviso -k $(CONVISO_API_KEY) ast run | ||
| ``` | ||
| </TabItem> | ||
| </Tabs> | ||
|
|
||
|
|
||
| 11. Click at **Save & Queue**. The pipeline execution will begin in a few moments. | ||
|
|
||
| 12. The resulsts will be sent to Conviso Platform. | ||
|
|
||
| ## Troubleshooting | ||
|
|
||
| ### Configuring API Key | ||
|
|
||
| If authentication is not performed even when loading the ```CONVISO_API_KEY``` variable, make sure it is provided as environment variables for all tasks that use the CLI. | ||
|
|
||
| ### Ensuring Git is added to PATH Environment Variable | ||
|
|
||
| If you encounter the error below, ensure that the `PATH` environment variable includes `C:\Program Files\Git\bin`: | ||
|
|
||
| ``` | ||
| Unable to locate executable file: 'bash'. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. | ||
| ``` | ||
|
|
||
| Follow these steps to verify and update it: | ||
|
|
||
| 1. Access your project in Azure; | ||
| 2. Navigate to **Agent pools**: | ||
|
|
||
| <div style={{textAlign: 'center'}}> | ||
|
|
||
|  | ||
|
|
||
| </div> | ||
|
|
||
| 3. In the **Capabilities** tab, search for the **Path** environment variable: | ||
|
|
||
| <div style={{textAlign: 'center'}}> | ||
|
|
||
|  | ||
|
|
||
| </div> | ||
|
|
||
| 4. Add `C:\Program Files\Git\bin` to the environment variable. | ||
|
|
||
| <div style={{textAlign: 'center'}}> | ||
|
|
||
|  | ||
|
|
||
| </div> | ||
|
|
||
| 5. Restart the agent service. | ||
|
|
||
| ### Allowing Script Access to the OAuth Token | ||
|
|
||
| If you encounter the following error, it indicates that the script does not have access to the OAuth token: | ||
|
|
||
| ``` | ||
| Error: Cmd('git') failed due to: exit code(128) | ||
| cmdline: git fetch --unshallow | ||
| stderr: 'fatal: could not read user Password for 'https://[email protected]': terminal prompts disabled' | ||
| ``` | ||
|
|
||
| To resolve this issue, follow these steps: | ||
|
|
||
| 1. Open the Agent job configuration in your pipeline settings. | ||
|
|
||
| 2. Under **Additional options**, select the checkbox labeled [**Allow scripts to access the OAuth token**](https://learn.microsoft.com/en-us/azure/devops/pipelines/release/options?view=azure-devops#allow-scripts-to-access-the-oauth-token): | ||
|
|
||
| <div style={{textAlign: 'center'}}> | ||
|
|
||
|  | ||
|
|
||
| </div> | ||
|
|
||
| 3. Save the changes and rerun the pipeline. | ||
|
|
||
| [](https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/redirect?encryptedPayload=AVxigLKtcWzoFbzpyImNNQsXC9S54LjJuklwM39zNd7hvSoR%2FVTX%2FXjNdqdcIIDaZwGiNwYii5hXwRR06puch8xINMyL3EXxTMuSG8Le9if9juV3u%2F%2BX%2FCKsCZN1tLpW39gGnNpiLedq%2BrrfmYxgh8G%2BTcRBEWaKasQ%3D&webInteractiveContentId=125788977029&portalId=5613826) | ||
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.