azure-pipelines.yml
# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
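# Manually run pipeline: downloads the Checkmarx ScaResolver CLI and syft onto
# the agent, adds the working directory to PATH, runs a Checkmarx One SCA scan
# (source plus the listed container images) and publishes the container
# results file as a build artifact.

# `none` has to be a scalar to switch the trigger off. The list form `- none`
# is read as a branch filter for a branch literally named "none".
trigger: none
pr: none

pool:
  vmImage: ubuntu-latest

variables:
  # Passed to the syft installer below as the release to install.
  syft_version: 'v0.83.1'

steps:
# Fetches and unpacks ScaResolver into the working directory.
# `set -e` stops at the first failing command; without it a failed download is
# masked by the exit status of the final `rm`.
# NOTE(review): the `latest` path is a moving target and the archive is
# unpacked without an integrity check. If the vendor publishes a pinned release
# and checksum, compare before extracting, e.g.
#   echo "<EXPECTED_SHA256>  ScaResolver-linux64.tar.gz" | sha256sum -c -
- task: CmdLine@2
  displayName: 'download scaresolver'
  inputs:
    script: |
      set -e
      wget https://sca-downloads.s3.amazonaws.com/cli/latest/ScaResolver-linux64.tar.gz
      tar -xzvf ScaResolver-linux64.tar.gz
      rm -rf ScaResolver-linux64.tar.gz

# Diagnostic: prints the agent's PATH before it is modified.
- task: CmdLine@2
  displayName: 'echo path'
  inputs:
    script: |
      echo $PATH

# Installs syft into the working directory (`-b .`).
# `pipefail` makes a failed curl fail the step instead of handing `sh` an
# empty script that exits 0.
# NOTE(review): only the syft release is pinned; the installer script itself
# comes from the mutable `main` branch and is piped straight into a shell.
# Consider saving the script to a file, checking it against a reviewed
# SHA-256 (<EXPECTED_SHA256>), and only then running it.
- task: CmdLine@2
  displayName: 'install syft'
  inputs:
    script: |
      set -eo pipefail
      curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b . $(syft_version)

# Diagnostic: shows what the two downloads left in the working directory.
- task: CmdLine@2
  displayName: 'list all files'
  inputs:
    script: |
      ls -al

# Confirms both binaries run on this agent before the scan starts.
- task: CmdLine@2
  displayName: 'show syft & ScaResolver version'
  inputs:
    script: |
      ./syft version
      ./ScaResolver --version

- task: CmdLine@2
  displayName: 'use bash show syft version'
  inputs:
    script: |
      bash -c './syft version'

# Appends the working directory to PATH for the tasks that follow, presumably
# so ScaResolver can find `syft` by name.
# NOTE(review): with the default checkout this directory also holds the
# repository contents, so files committed to the repo can be resolved as
# commands. Keep it last on PATH, or install the tools into a dedicated
# directory outside the checkout and add that instead.
- task: CmdLine@2
  displayName: 'set path'
  inputs:
    script: |
      echo "##vso[task.setvariable variable=PATH]${PATH}:$(System.DefaultWorkingDirectory)"

# Runs the SCA scan through ScaResolver, including the two container images.
# NOTE(review): `--debug` and `--log-level Debug` produce verbose logs; confirm
# nothing sensitive ends up in the build log or drop them once the pipeline is
# stable. The image tags (`latest`, `10`) are mutable, so results can differ
# between runs; pin by digest if reproducible results are needed.
- task: Checkmarx AST@2
  inputs:
    CheckmarxService: 'CxOne'
    projectName: '$(Build.Repository.Name)'
    branchName: '$(Build.SourceBranchName)'
    tenantName: 'dp_wp_account'
    additionalParams: '--debug --report-format summaryHTML --scan-types sca --sca-resolver ./ScaResolver --sca-resolver-params "--ignore-dev-dependencies true --scan-containers --images manuelbcd/vulnapp:latest,debian:10 --log-level Debug --containers-result-path .cxsca-container-results.json"'

# Publishes the container results file written via `--containers-result-path`.
- task: PublishBuildArtifacts@1
  inputs:
    pathToPublish: '.cxsca-container-results.json'
    artifactName: Container_results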