azure-pipelines.yml

trigger:
  branches:
    include:
    - main
stages:
- stage: __default
  jobs:
  - job: Job
    pool:
      vmImage: ubuntu-latest
    steps:
    - task: PowerShell@2
      inputs:
        targetType: 'inline'
        script: |
          wget "https://sca-downloads.s3.amazonaws.com/cli/2.12.34/ScaResolver-linux64.tar.gz"
      displayName: 'Download sca-resolver'
    - task: PowerShell@2
      inputs:
        targetType: 'inline'
        script: |
          tar -xzvf "ScaResolver-linux64.tar.gz"
      displayName: 'unzip sca-resolver'
    - task: PowerShell@2
      inputs:
        targetType: 'inline'
        script: |
          rm -rf "ScaResolver-linux64.tar.gz"
      displayName: 'remove tar file'
    - task: Checkmarx AST@3
      inputs:
        CheckmarxService: 'CxOne-Seg'
        projectName: '00252150-ADO-CLI-SCAResolver'
        branchName: 'main'
        tenantName: 'cx_seg'
        additionalParams: --scan-types sast,api-security,sca,iac-security --threshold sast-high=9999;sast-medium=9999;sast-low=9999;api-security-high=200;api-security-medium=9999;api-security-low=9999;sca-high=9999;sca-medium=9999;sca-low=9999;iac-security-high=1;iac-security-medium=9999;iac-security-low=9999 --sca-resolver /home/vsts/work/1/s/ScaResolver --sca-resolver-params "--extract-depth 5 --extract-archives zip --ignore-dev-dependencies --ignore-test-dependencies" -s /home/vsts/work/_temp --sast-filter "!**/test/**" --sca-filter "!*Dockerfile*,!*dockerfile*,!*Containerfile*,!*containerfile*,!*docker-compose*.y*,!**/test/**"  --iac-security-filter "!.gitignore,!**/test/**,!**/tests/**,!**/Test/**,!**/Tests/**,!*.test*,!*.tests*,!*.Test*,!*.Tests*" --iac-security-platforms  Ansible,AzureResourceManager,Buildah,CICD,CloudFormation,Crossplane,DockerCompose,Dockerfile,GRPC,GoogleDeploymentManager,Knative,Kubernetes,OpenAPI,Pulumi,ServerLessFW,Terraform --scan-timeout 120 --wait-delay 30 --tags buildId:508415,pipelineName:Daily-Scan-of-appsec-service-templates,PluginVersion:3,--debug