
Scan your code in CI/CD using Security Code Scan

Antoine · 1 min read

Photo by Adi Goldstein on Unsplash

The issue

Recently I came across the following post describing tools we can use to audit our code.

SecurityCodeScan and DevSkim looked promising, but DevSkim seems to be compatible only with .NET Core 3.1 applications.

So we tried SecurityCodeScan and are satisfied with it.
We also wanted to integrate it into our Azure DevOps pipeline, but the available task seems to target only TFS on-premises.

Integration

As suggested in this issue, we only had to add a script that injects the analyzer package into every .csproj before the build, so the analysis runs in CI without affecting local development.

REM @Echo off

REM Walk every .csproj below the script's own directory (%~dp0) and add the
REM SecurityCodeScan analyzer package to it. %%~ff expands to the full path of
REM the matched project file; CALL lets the loop continue after each dotnet call.
FOR /R %~dp0 %%f in (*.csproj) do (
    CALL dotnet add %%~ff package SecurityCodeScan --version 3.5.3
)

A page helped me with the syntax of the FOR loop.

%~dp0 expands to the directory the script is in.
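Here is how the same injection step can sit inside an Azure Pipelines YAML definition, as an added example that is not part of the original post. It assumes a Windows agent, a pipeline file at the repository root, an SDK version of 3.1.x (an assumption, not stated in the post), and the SecurityCodeScan 3.5.3 version used above.

```yaml
# Added example: inject the SecurityCodeScan analyzer into every .csproj on
# the build agent only, then build so the analyzer runs during compilation.
trigger:
  - main

pool:
  vmImage: 'windows-latest'

steps:
  - task: UseDotNet@2          # SDK version is an assumption; match your projects
    inputs:
      packageType: 'sdk'
      version: '3.1.x'

  # An inline script runs as a .cmd file on Windows agents, so the FOR
  # variable is written %%f. %BUILD_SOURCESDIRECTORY% is the agent's checkout,
  # which is why the edited .csproj files never reach developers' machines.
  - script: |
      FOR /R "%BUILD_SOURCESDIRECTORY%" %%f in (*.csproj) do (
        CALL dotnet add "%%~ff" package SecurityCodeScan --version 3.5.3
      )
    displayName: 'Inject SecurityCodeScan analyzer'

  # The analyzer is a Roslyn analyzer, so its findings appear as SCSxxxx
  # warnings in this build's log. Adding -warnaserror to the arguments turns
  # every finding into a failed build instead of a warning.
  - task: DotNetCoreCLI@2
    displayName: 'Build with SecurityCodeScan analysis'
    inputs:
      command: 'build'
      projects: '**/*.csproj'
      arguments: '--configuration Release'
```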

Hope this helps!

Posted on May 24 by Antoine (@antoinega)
