Pipeline scan example for using Maven with Azure DevOps
This example YAML code shows how to add a Pipeline Scan as a build stage in an Azure DevOps build pipeline that uses Maven on Unix.
The example includes a script that downloads and unzips pipeline-scan-LATEST.zip
, to ensure you have the latest version, then runs pipeline-scan.jar
using your API credentials. For improved stability, Veracode recommends that you change these scripts to use the Pipeline Scan Docker image.
trigger:
- master
pool:
vmImage: "ubuntu-latest"
steps:
- task: Maven@3
displayName: Build with Maven
inputs:
mavenPomFile: "app/pom.xml"
mavenOptions: "-Xmx3072m"
javaHomeOption: "JDKVersion"
jdkVersionOption: "1.8"
jdkArchitectureOption: "x64"
publishJUnitResults: true
testResultsFiles: "**/surefire-reports/TEST-*.xml"
goals: "package"
- task: Bash@3
displayName: Veracode Pipeline Scan
inputs:
targetType: "inline"
script: |
curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
unzip -o pipeline-scan-LATEST.zip
java -jar pipeline-scan.jar -vid $(VERACODE_API_ID) -vkey $(VERACODE_API_KEY) -f /home/vsts/work/1/s/app/target/verademo.war || true
# VERACODE_API_ID and VERACODE_API_KEY environment variables must reference your API credentials.
# "|| true" specifies to continue build if Pipeline Scan discovers flaws.
# To fail the build for new flaws not listed in a baseline file, add an existing baseline file with "-bf <baseline filename>" and remove "|| true".
- publish: $(System.DefaultWorkingDirectory)/results.json # Save the scan results as a file named results.json.
artifact: VeracodeBaseline