@fflaten
Last active July 24, 2022 20:38
PSSA Scan integration in AzDO
# Install the SARIF Scan extension in Azure DevOps org. Will look for sarif-file in CodeAnalysisLogs artifact and show in Scans-tab
# https://marketplace.visualstudio.com/items?itemName=sariftools.scans
trigger:
  branches:
    include:
      - main
  paths:
    exclude:
      - .vscode/*

stages:
  - stage: Analyze
    pool:
      vmImage: windows-latest
    variables:
      psModuleFolder: '$(System.DefaultWorkingDirectory)/modules'
    jobs:
      - job: analyze
        workspace:
          clean: all
        timeoutInMinutes: 3
        steps:
          - checkout: self
          - task: Cache@2
            displayName: Cache ConvertToSARIF Module
            inputs:
              key: psmodule|ConvertToSARIF1
              path: ${{ variables.psModuleFolder }}
              cacheHitVar: PSCacheUsed
          - task: PowerShell@2
            displayName: 'Download ConvertToSARIF module'
            condition: eq(variables.PSCacheUsed, 'false')
            inputs:
              targetType: 'inline'
              script: Save-Module -Name ConvertToSARIF -RequiredVersion 1.0.0 -Path '${{ variables.psModuleFolder }}' -Force
          - task: PowerShell@2
            displayName: 'Run PSScriptAnalyzer'
            continueOnError: true
            inputs:
              targetType: 'inline'
              script: |
                # add module cache to psmodulepath
                $env:PSModulePath = '${{ variables.psModuleFolder }}', $Env:PSModulePath -join [System.IO.Path]::PathSeparator
                Import-Module PSScriptAnalyzer
                Import-Module ConvertToSARIF
                $sarifName = 'pssa-results.sarif'
                Get-ChildItem -Path ./src -Filter *.ps1 -Recurse -File |
                  Invoke-ScriptAnalyzer |
                  ConvertTo-SARIF -FilePath $sarifName
                # Make paths relative to enable deeplinks
                $pathToRemove = 'file:///$(Build.SourcesDirectory)' -replace '\\', '/'
                $json = (Get-Content $sarifName -Raw).Replace($pathToRemove, '')
                # Add repo-reference to enable deeplinks to source (the viewer works with Azure Repo and GitHub)
                $json = $json -replace '(?<=runs":\[\{)', '"versionControlProvenance": [{"repositoryUri": "$(Build.Repository.Uri)", "revisionId": "$(Build.SourceVersion)"}],'
                $json | Set-Content $sarifName
                # | Format-List RuleName, Severity, ScriptPath, Line, Column, Message
              workingDirectory: '$(Build.SourcesDirectory)'
          - task: PublishBuildArtifacts@1
            displayName: Publish code analysis artifact from PSSA
            inputs:
              ArtifactName: CodeAnalysisLogs
              PathtoPublish: $(System.DefaultWorkingDirectory)/pssa-results.sarif
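The gist's post-processing step strips the absolute `file:///` prefix with a plain string replace and injects `versionControlProvenance` with a regex lookbehind, which only works while ConvertTo-SARIF emits `"runs":[{` with no whitespace. As an added example (not part of fflaten's gist), the same two edits done by parsing the SARIF as JSON, so they no longer depend on the producer's exact formatting; the function name, its parameters and the `$env:BUILD_*` usage are my own, and it assumes the standard SARIF layout `results[].locations[].physicalLocation.artifactLocation.uri`:

```powershell
function Add-SarifProvenance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,              # SARIF file written by ConvertTo-SARIF
        [Parameter(Mandatory)] [string] $SourcesDirectory,  # e.g. $(Build.SourcesDirectory)
        [Parameter(Mandatory)] [string] $RepositoryUri,     # e.g. $(Build.Repository.Uri)
        [Parameter(Mandatory)] [string] $RevisionId         # e.g. $(Build.SourceVersion)
    )

    # The analyzer records absolute URIs such as file:///D:/a/1/s/src/foo.ps1 (constructed example);
    # build the prefix to strip so that what remains is a repo-relative path the viewer can deeplink.
    $prefix = 'file:///' + ($SourcesDirectory -replace '\\', '/').TrimEnd('/') + '/'

    $sarif = Get-Content -Path $Path -Raw | ConvertFrom-Json

    foreach ($run in $sarif.runs) {
        # versionControlProvenance tells the viewer which repo and commit the relative paths belong to
        $details = [pscustomobject]@{ repositoryUri = $RepositoryUri; revisionId = $RevisionId }
        $run | Add-Member -NotePropertyName versionControlProvenance -NotePropertyValue @($details) -Force

        foreach ($result in $run.results) {
            foreach ($location in $result.locations) {
                $artifact = $location.physicalLocation.artifactLocation
                # Drive-letter case can differ between producer and agent, so compare case-insensitively
                if ($artifact.uri -and $artifact.uri.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $artifact.uri = $artifact.uri.Substring($prefix.Length)
                }
            }
        }
    }

    # ConvertTo-Json defaults to -Depth 2 and silently flattens deeper SARIF objects to strings
    $sarif | ConvertTo-Json -Depth 100 | Set-Content -Path $Path -Encoding utf8
}

# Usage inside the PowerShell@2 step, after ConvertTo-SARIF has written the file:
# Add-SarifProvenance -Path 'pssa-results.sarif' -SourcesDirectory $env:BUILD_SOURCESDIRECTORY `
#     -RepositoryUri $env:BUILD_REPOSITORY_URI -RevisionId $env:BUILD_SOURCEVERSION
```

Unlike the global string replace in the gist, this only touches result locations, so any other field that happens to contain the sources path is left alone.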
fflaten commented Jul 24, 2022

Sample results with SARIF Scan Extensions: