Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
41 commits
Select commit Hold shift + click to select a range
0d59d9e
Upgrade dependencies
davidknise Oct 27, 2022
4f05407
Upgrade to codeql-action v2
davidknise Oct 27, 2022
8a7b9b2
Point wiki to the new codql-action v2
davidknise Oct 27, 2022
d7a40c9
Upgarde to node16 actions in samples
davidknise Oct 27, 2022
feab530
Remove on PR sample build
davidknise Oct 27, 2022
5903cf6
Merge branch 'main' of https://github.com/microsoft/security-devops-a…
davidknise Jun 8, 2023
9e44137
Consume updates to use REST API to install MSDO CLI (#55)
JiandongJiang Jun 8, 2023
d2bf750
v1.7.0-beta.3
davidknise Jun 13, 2023
7fb3d99
v1.7.0-beta.3 - remove dotnet install from sample pipelines
davidknise Jun 13, 2023
194a19e
v1.7.0-beta.3 - update defaults
davidknise Jun 13, 2023
78bd028
v1.7.0-beta.3 - reference exported functions
davidknise Jun 13, 2023
534d931
v1.7.0-beta.3 - reference common.isNullOrWhiteSpace
davidknise Jun 13, 2023
1f1352d
v1.7.0-beta.4 - fix lib errors
davidknise Jun 13, 2023
e88ad98
v1.7.0 - set license
davidknise Jun 13, 2023
d4dfb1d
Dev/davidknise/sample matrix os (#62)
davidknise Jun 14, 2023
e93bc0b
v1.7.0 - use release version of actions toolkit
davidknise Jun 15, 2023
0f229a4
Use gulp.js for building
davidknise Jun 15, 2023
ee106b2
v1.7.0 - fix name of on push verification pipeline
davidknise Jun 15, 2023
0ef16dd
v1.7.0 - fix name of on push verification pipeline
davidknise Jun 15, 2023
7c34097
Merge branch 'release/vNext' of https://github.com/microsoft/security…
davidknise Jun 15, 2023
98f71f7
Rename enable-pr-annotations to enable-pr-annotations.yml
prashmo Sep 19, 2022
ca50a4b
Update README.md
j0tr Oct 18, 2022
a40f2aa
Upgrade dependencies
davidknise Oct 27, 2022
172c965
Upgrade to codeql-action v2
davidknise Oct 27, 2022
4f5c02e
Point wiki to the new codql-action v2
davidknise Oct 27, 2022
29ac582
Upgarde to node16 actions in samples
davidknise Oct 27, 2022
0ad8d20
Remove on PR sample build
davidknise Oct 27, 2022
b5b5e7b
Add AntiMalware to README.md
JiandongJiang Apr 22, 2023
a85c2ae
Consume updates to use REST API to install MSDO CLI (#55)
JiandongJiang Jun 8, 2023
dba8673
v1.7.0-beta.3
davidknise Jun 13, 2023
4e48939
v1.7.0-beta.3 - remove dotnet install from sample pipelines
davidknise Jun 13, 2023
37f386e
v1.7.0-beta.3 - update defaults
davidknise Jun 13, 2023
efa8485
v1.7.0-beta.3 - reference exported functions
davidknise Jun 13, 2023
dbf90bd
v1.7.0-beta.3 - reference common.isNullOrWhiteSpace
davidknise Jun 13, 2023
a576d3d
v1.7.0-beta.4 - fix lib errors
davidknise Jun 13, 2023
476e3d7
v1.7.0 - set license
davidknise Jun 13, 2023
d247a67
Dev/davidknise/sample matrix os (#62)
davidknise Jun 14, 2023
37b39c0
v1.7.0 - use release version of actions toolkit
davidknise Jun 15, 2023
714ec54
Use gulp.js for building
davidknise Jun 15, 2023
c71a139
v1.7.0 - fix name of on push verification pipeline
davidknise Jun 15, 2023
933ccef
Merge branch 'release/vNext' of https://github.com/microsoft/security…
davidknise Jun 15, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 0 additions & 45 deletions .github/workflows/enable-pr-annotations.yml

This file was deleted.

24 changes: 10 additions & 14 deletions .github/workflows/on-push-verification.yml
Original file line number Diff line number Diff line change
@@ -1,29 +1,25 @@
# pull request action verification

name: MSDO on-push-verification windows-latest
on: push
name: MSDO On Push Verification
on:
push:
branches:
- '*'

jobs:
sample:
name: Microsoft Security DevOps Analysis
name: MSDO on ${{ matrix.os }}
runs-on: ${{ matrix.os }}

# MSDO runs on windows-latest.
# ubuntu-latest and macos-latest supporting coming soon
runs-on: windows-latest
strategy:
matrix:
os: [windows-latest, ubuntu-latest]

steps:

# Checkout your code repository to scan
- uses: actions/checkout@v3

# Install dotnet, used by MSDO
- uses: actions/setup-dotnet@v3
with:
dotnet-version: |
3.1.x
5.0.x
6.0.x

# Run analyzers
- name: Run Microsoft Security DevOps Analysis
uses: ./
Expand Down
43 changes: 0 additions & 43 deletions .github/workflows/sample-workflow-windows-latest.yml

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,33 +1,26 @@
name: MSDO ubuntu-latest
name: MSDO Sample Workflow
on:
push:
branches:
- main

jobs:
sample:
name: Microsoft Security DevOps Analysis
name: MSDO on ${{ matrix.os }}
runs-on: ${{ matrix.os }}

# MSDO runs on windows-latest.
# ubuntu-latest and macos-latest supporting coming soon
runs-on: ubuntu-latest
strategy:
matrix:
os: [windows-latest, ubuntu-latest]

steps:

# Checkout your code repository to scan
- uses: actions/checkout@v3

# Install dotnet, used by MSDO
- uses: actions/setup-dotnet@v3
with:
dotnet-version: |
3.1.x
5.0.x
6.0.x

# Run analyzers
- name: Run Microsoft Security DevOps Analysis
uses: microsoft/security-devops-action@preview
uses: microsoft/security-devops-action@v1
id: msdo

# Upload alerts to the Security tab
Expand Down
2 changes: 2 additions & 0 deletions .npmrc
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
registry=https://registry.npmjs.org/
@microsoft:registry=https://npm.pkg.github.com/
20 changes: 4 additions & 16 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,7 @@ Microsoft Security DevOps (MSDO) is a command line application which integrates

Run locally. Run remotely.

![Microsoft Security DevOps windows-latest](https://github.com/microsoft/security-devops-action/workflows/MSDO%20windows-latest/badge.svg)
![Microsoft Security DevOps ubuntu-latest](https://github.com/microsoft/security-devops-action/workflows/MSDO%20ubuntu-latest/badge.svg)
![Microsoft Security DevOps](https://github.com/microsoft/security-devops-action/workflows/MSDO%20Sample%20Workflow/badge.svg)

This action runs the [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget) for security analysis:

Expand All @@ -17,10 +16,6 @@ This action runs the [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget)
* Normalized processing of results into the SARIF format
* Build breaks and more

# Limitations

The Microsoft Security DevOps action is currently in beta and runs on the `windows-latest` queue, as well as Windows self hosted agents. `ubuntu-latest` support coming soon.

# Usage

See [action.yml](action.yml)
Expand All @@ -31,19 +26,12 @@ Run **Microsoft Security DevOps (MSDO)** with the default policy and recommended

```yaml
steps:

- uses: actions/checkout@v3
- uses: actions/setup-dotnet@v3
with:
dotnet-version: |
5.0.x
6.0.x

- name: Run Microsoft Security DevOps
uses: microsoft/security-devops-action@preview
uses: microsoft/security-devops-action@v1
id: msdo
- name: Upload results to Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.msdo.outputs.sarifFile }}
```

## Upload Results to the Security tab
Expand Down
29 changes: 0 additions & 29 deletions build.proj

This file was deleted.

24 changes: 24 additions & 0 deletions gulpfile.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
const gulp = require('gulp');
const shell = require('gulp-shell');
const ts = require('gulp-typescript');

const tsProject = ts.createProject('tsconfig.json');

function clean(cb) {
import('del')
.then((del) => del.deleteSync(['lib']))
.then(() => cb());
}

function compile(cb) {
tsProject
.src()
.pipe(tsProject()).js
.pipe(gulp.dest('lib'));
cb();
}

exports.clean = clean;
exports.compile = compile;
exports.build = gulp.series(clean, compile);
exports.default = exports.build;
Loading