DEV Community

Discussion on: Defender for DevOps on AzureDevOps

Marcel.L • Edited

Hey @tjementum
Thank you for the great feedback, and as the product matures from preview I am sure that there will be exclusions that can be passed as inputs. But for the time being this is possible by using a (*.gdnconfig) config file: github.com/microsoft/security-devo...

  - task: MicrosoftSecurityDevOps@1
    displayName: 'Microsoft Security DevOps'
    inputs:
      config: <path to an MSDO configuration file (*.gdnconfig)>

You are looking for this setting: "SkipRules": "",

Example config for Terrascan using a gdnconfig file:

{
  "tools": [
    {
      "tool": {
        "name": "Terrascan",
        "version": "Latest"
      },
      "arguments": {
        "Init": "",
        "Scan": "scan",
        "Server": "",
        "Version": "",
        "ConfigPath": "",
        "LogLevel": "",
        "LogType": "",
        "OutputType": "sarif",
        "Categories": "",
        "ConfigOnly": "",
        "FindVuln": "",
        "Help": "",
        "IacDir": "$(WorkingDirectory)",
        "IacFile": "",
        "IacType": "",
        "IacVersion": "",
        "NonRecursive": "",
        "PolicyPath": "",
        "PolicyType": "",
        "RemoteType": "",
        "RemoteUrl": "",
        "ScanRules": "",
        "Severity": "",
        "ShowPassed": "",
        "SkipRules": "",
        "UseColors": "auto",
        "UseTerraformCache": "",
        "Verbose": ""
      }
    }
  ]
}
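
Added example, not part of the original comment and not code from the MSDO project: because `SkipRules` suppresses findings, a pipeline step can audit the `.gdnconfig` and fail when a rule is skipped without review. The rule IDs, the `APPROVED_SKIPS` allowlist and the function names are constructed for illustration, and the comma-separated form of `SkipRules` is an assumption based on Terrascan's `--skip-rules` flag.

```python
import json

# Constructed sample in the shape of the Terrascan example above; the rule IDs
# are placeholders, not real Terrascan rule identifiers.
SAMPLE_GDNCONFIG = """
{"tools": [{
  "tool": {"name": "Terrascan", "version": "Latest"},
  "arguments": {"Scan": "scan", "OutputType": "sarif",
                "IacDir": "$(WorkingDirectory)",
                "SkipRules": "EXAMPLE_RULE_001, EXAMPLE_RULE_002"}
}]}
"""

# Hypothetical allowlist of suppressions that have been reviewed and accepted.
APPROVED_SKIPS = {"Terrascan": {"EXAMPLE_RULE_001"}}


def skipped_rules(config_text):
    """Return {tool name: set of rule IDs listed in its SkipRules argument}."""
    config = json.loads(config_text)
    result = {}
    for entry in config.get("tools", []):
        name = entry.get("tool", {}).get("name", "<unnamed>")
        raw = entry.get("arguments", {}).get("SkipRules", "") or ""
        # Assumption: several rule IDs are given as one comma-separated string.
        rules = {r.strip() for r in raw.split(",") if r.strip()}
        result.setdefault(name, set()).update(rules)
    return result


def unapproved_skips(config_text, approved):
    """Return {tool name: sorted rule IDs skipped without an approval entry}."""
    findings = {}
    for name, rules in skipped_rules(config_text).items():
        extra = rules - approved.get(name, set())
        if extra:
            findings[name] = sorted(extra)
    return findings


if __name__ == "__main__":
    findings = unapproved_skips(SAMPLE_GDNCONFIG, APPROVED_SKIPS)
    for tool, rules in findings.items():
        print(f"{tool}: unapproved SkipRules entries: {', '.join(rules)}")
    raise SystemExit(1 if findings else 0)
```

Run against the real config file before the `MicrosoftSecurityDevOps@1` task, a non-zero exit stops the build until the new suppression is added to the allowlist.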