AdvancedSecurity-Publish@1 - Advanced Security Publish Results v1 task
Combines SARIF file(s) produced by code scanning tool(s), enhances the combined SARIF file, and publishes the enhanced SARIF file to the Advanced Security service.
Note
This task publishes the SARIF files produced by non-Microsoft tasks to Code Scanning for GitHub Advanced Security. Currently, this task works with the Infrastructure-as-Code Scanning Tasks Extension tasks. For more information, see Infrastructure‐as‐Code Scanning.
This task isn't needed when using GitHub Advanced Security for Azure DevOps tasks like AdvancedSecurity-Dependency-Scanning@1 or AdvancedSecurity-Codeql-Analyze@1.
Syntax
# Advanced Security Publish Results v1
# Combines SARIF file(s) produced by code scanning tool(s), enhances the combined SARIF file, and publishes the enhanced SARIF file to the Advanced Security service.
- task: AdvancedSecurity-Publish@1
inputs:
#SarifsInputDirectory: # string. SARIF(s) Input Directory.
#Category: # string. Category.
#WaitForProcessing: false # boolean. Enable Wait for Processing. Default: false.
#WaitForProcessingInterval: '5' # string. Optional. Use when WaitForProcessing = true. Wait for Processing Time Interval. Default: 5.
#WaitForProcessingTimeout: '120' # string. Optional. Use when WaitForProcessing = true. Wait for Processing Timeout. Default: 120.
Inputs
SarifsInputDirectory - SARIF(s) Input Directory
string.
Path to the directory containing the SARIF file(s) that need to be combined, enhanced, and published to Advanced Security. When not specified, the task will look for SARIF file(s) in pre-determined locations.
Category - Category
string.
Category to associate scan results with when enhancing the SARIF file(s) before publishing to Advanced Security. The category of scan results helps distinguish between different types of scan results. Use this field when publishing SARIF file(s) produced by tools other than CodeQL. When publishing SARIF file(s) produced by CodeQL, there is no need to specify a category, and if one is specified, it will be ignored by the task.
WaitForProcessing - Enable Wait for Processing
boolean. Default value: false.
Wait for Advanced Security to process published SARIF file before completing.
WaitForProcessingInterval - Wait for Processing Time Interval
string. Optional. Use when WaitForProcessing = true. Default value: 5.
Time, in seconds, to wait between each call to Advanced Security to check SARIF processing status.
WaitForProcessingTimeout - Wait for Processing Timeout
string. Optional. Use when WaitForProcessing = true. Default value: 120.
Time, in seconds, to wait for Advanced Security to process SARIF file before completing.
Task control options
All tasks have control options in addition to their task inputs. For more information, see Control options and common task properties.
Output variables
None.
Remarks
This task publishes the SARIF files produced by non-Microsoft tasks to Code Scanning for GitHub Advanced Security. Currently, this task works with the Infrastructure-as-Code Scanning Tasks Extension tasks. For more information, see Infrastructure‐as‐Code Scanning.
This task isn't needed when using GitHub Advanced Security for Azure DevOps tasks like AdvancedSecurity-Dependency-Scanning@1 or AdvancedSecurity-Codeql-Analyze@1.
Requirements
| Requirement | Description |
|---|---|
| Pipeline types | YAML, Classic build, Classic release |
| Runs on | Agent, DeploymentGroup |
| Demands | None |
| Capabilities | This task does not satisfy any demands for subsequent tasks in the job. |
| Command restrictions | Any |
| Settable variables | Any |
| Agent version | All supported agent versions. |
| Task category | Build |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for