synced with ado for ghazdo

.azuredevops/pipelines/a11y-scan-advancedsecurity.yml

@@ -0,0 +1,66 @@
+trigger: none
+
+schedules:
+  - cron: '0 6 * * 1' # Every Monday at 06:00 UTC
+    displayName: 'Weekly accessibility scan'
+    branches:
+      include:
+        - main
+    always: true
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+variables:
+  SCANNER_BASE_URL: 'https://a11y-scan-demo-app.azurewebsites.net'
+
+strategy:
+  matrix:
+    codepen-sample:
+      siteName: 'codepen-sample'
+      siteUrl: 'https://codepen.io/leezee/pen/eYbXzpJ'
+    a11y-scan-demo-app:
+      siteName: 'a11y-scan-demo-app'
+      siteUrl: 'https://a11y-scan-demo-app.azurewebsites.net/'
+    ontario-gov:
+      siteName: 'ontario-gov'
+      siteUrl: 'https://www.ontario.ca/page/government-ontario'
+  maxParallel: 3
+
+steps:
+  - checkout: self
+    displayName: 'Checkout repository'
+
+  - script: |
+      mkdir -p results
+      HTTP_STATUS=$(curl -s -o results/$(siteName).sarif -w "%{http_code}" \
+        -X POST "$(SCANNER_BASE_URL)/api/ci/scan" \
+        -H "Content-Type: application/json" \
+        -d '{"url": "$(siteUrl)", "format": "sarif"}' \
+        --max-time 120)
+
+      echo "HTTP status: $HTTP_STATUS"
+
+      if [ "$HTTP_STATUS" -ne 200 ]; then
+        echo "##vso[task.logissue type=error]Scan failed for $(siteUrl) (HTTP $HTTP_STATUS)"
+        cat results/$(siteName).sarif
+        exit 1
+      fi
+
+      echo "SARIF file written: results/$(siteName).sarif"
+      echo "File size: $(wc -c < results/$(siteName).sarif) bytes"
+    displayName: 'Run accessibility scan - $(siteName)'
+    timeoutInMinutes: 5
+
+  - task: PublishBuildArtifacts@1
+    condition: always()
+    inputs:
+      pathToPublish: 'results'
+      artifactName: 'a11y-sarif-$(siteName)'
+    displayName: 'Publish SARIF artifact - $(siteName)'
+
+  - task: AdvancedSecurity-Publish@1
+    condition: always()
+    inputs:
+      SarifsInputDirectory: '$(Build.SourcesDirectory)/results'
+    displayName: 'Publish SARIF to Advanced Security - $(siteName)'

.azuredevops/pipelines/adv-sec-scan.yml

@@ -0,0 +1,52 @@
+trigger:
+  - main
+
+pool:
+  vmImage: ubuntu-latest
+
+variables:
+  SCANNER_BASE_URL: 'https://a11y-scan-demo-app.azurewebsites.net'
+
+steps:
+  - task: AdvancedSecurity-Codeql-Init@1
+    inputs:
+      languages: 'javascript, python'
+    displayName: 'Initialize CodeQL'
+
+  - task: AdvancedSecurity-Dependency-Scanning@1
+    displayName: 'Dependency scanning'
+
+  - task: AdvancedSecurity-Codeql-Analyze@1
+    displayName: 'CodeQL analysis'
+
+  - script: |
+      mkdir -p results
+      HTTP_STATUS=$(curl -s -o results/a11y-scan.sarif -w "%{http_code}" \
+        -X POST "$(SCANNER_BASE_URL)/api/ci/scan" \
+        -H "Content-Type: application/json" \
+        -d '{"url": "$(SCANNER_BASE_URL)", "format": "sarif"}' \
+        --max-time 120)
+
+      echo "HTTP status: $HTTP_STATUS"
+
+      if [ "$HTTP_STATUS" -ne 200 ]; then
+        echo "##vso[task.logissue type=warning]Accessibility scan failed (HTTP $HTTP_STATUS)"
+        cat results/a11y-scan.sarif
+      else
+        echo "SARIF file written: results/a11y-scan.sarif"
+        echo "File size: $(wc -c < results/a11y-scan.sarif) bytes"
+      fi
+    displayName: 'Run accessibility scan'
+    timeoutInMinutes: 5
+
+  - script: |
+      ADVSEC_DIR="$(Agent.TempDirectory)/.advsec"
+      mkdir -p "$ADVSEC_DIR"
+      cp results/*.sarif "$ADVSEC_DIR/" 2>/dev/null || true
+      echo "Staged SARIF files for Advanced Security:"
+      ls -la "$ADVSEC_DIR/"
+    condition: always()
+    displayName: 'Stage SARIF for Advanced Security'
+
+  - task: AdvancedSecurity-Publish@1
+    displayName: 'Publish results to Advanced Security'