The issue
Recently I came across the following post describing tools we can use to audit our code.
SecurityCodeScan and DevSkim were promising, but DevSkim seems to be compatible only with .NET Core 3.1 applications.
So we tried SecurityCodeScan and are satisfied with it.
We wanted to integrate it into our Azure DevOps pipeline, but the available task seems to be only for on-premises TFS.
Integration
As suggested in this issue, we just had to add a script that injects the dependency into our .csproj files before the build, so the analysis runs in the pipeline without impacting local dev.
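REM @Echo off
REM Add the SecurityCodeScan package to every .csproj found under the script's directory.
REM The paths are quoted so that directories containing spaces are handled.
FOR /R "%~dp0" %%f IN (*.csproj) DO (
    CALL dotnet add "%%~ff" package SecurityCodeScan --version 3.5.3
)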
A page helped me with the syntax for the FOR loop.
%~dp0 refers to the directory the script is in.
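The script above does not check the exit code of each dotnet add call, so a project can reach the build without the analyzer and go unscanned. The following is an added example, not part of the original post: a Python check that could run as a pipeline step after the script and fail the build when any .csproj lacks the pinned reference. The function names analyzer_version and unscanned_projects are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

PACKAGE = "SecurityCodeScan"   # package id used by the script on this page
VERSION = "3.5.3"              # version pinned by the script on this page


def local(tag):
    """Strip an XML namespace so old-style and SDK-style projects both match."""
    return tag.rsplit("}", 1)[-1]


def analyzer_version(csproj):
    """Return the referenced PACKAGE version, '' if unversioned, None if absent."""
    for el in ET.parse(csproj).getroot().iter():
        if local(el.tag) != "PackageReference":
            continue
        if el.get("Include", "").lower() != PACKAGE.lower():
            continue  # package ids are matched case-insensitively
        version = el.get("Version")
        if version is None:  # Version may also be written as a child element
            version = next((c.text for c in el if local(c.tag) == "Version"), "")
        return (version or "").strip()
    return None


def unscanned_projects(root):
    """Map each .csproj under root lacking PACKAGE at VERSION to the reason."""
    problems = {}
    for csproj in sorted(Path(root).rglob("*.csproj")):
        try:
            found = analyzer_version(csproj)
        except ET.ParseError as exc:
            problems[str(csproj)] = f"unparseable project file: {exc}"
            continue
        if found is None:
            problems[str(csproj)] = "no PackageReference to " + PACKAGE
        elif found != VERSION:
            problems[str(csproj)] = f"version {found or '(none)'} != {VERSION}"
    return problems


if __name__ == "__main__":
    # Usage: python check_scs.py <repo root>; a non-zero exit fails the step.
    bad = unscanned_projects(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, reason in bad.items():
        print(f"{path}: {reason}")
    sys.exit(1 if bad else 0)
```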
Hope this helps!