diff --git a/src/MicrosoftSecurityDevOps/v1/index.ts b/src/MicrosoftSecurityDevOps/v1/index.ts index afb7cfb..bf71a40 100644 --- a/src/MicrosoftSecurityDevOps/v1/index.ts +++ b/src/MicrosoftSecurityDevOps/v1/index.ts @@ -52,4 +52,7 @@ run().catch(error => { } else { tl.setResult(tl.TaskResult.Failed, error); } + console.log('------------------------------------------------------------------------------'); + console.log('Effective September 20th 2023, the Secret Scanning option (CredScan) within Microsoft Security DevOps (MSDO) Extension for Azure DevOps is deprecated. MSDO Secret Scanning is replaced by the Configure GitHub Advanced Security for Azure DevOps features - https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features#set-up-secret-scanning.'); + console.log('------------------------------------------------------------------------------'); }); \ No newline at end of file diff --git a/src/MicrosoftSecurityDevOps/v1/msdo.ts b/src/MicrosoftSecurityDevOps/v1/msdo.ts index 9a1fe8a..706f065 100644 --- a/src/MicrosoftSecurityDevOps/v1/msdo.ts +++ b/src/MicrosoftSecurityDevOps/v1/msdo.ts @@ -35,6 +35,10 @@ export class MicrosoftSecurityDevOps implements IMicrosoftSecurityDevOps { args.push('-p'); args.push(policy); } + } else { + // If the policy is not user defined, default to azuredevops + args.push('-p'); + args.push('azuredevops'); } let categoriesString: string = tl.getInput('categories'); diff --git a/src/MicrosoftSecurityDevOps/v1/task.json b/src/MicrosoftSecurityDevOps/v1/task.json index 5dd3e3e..a70d7bc 100644 --- a/src/MicrosoftSecurityDevOps/v1/task.json +++ b/src/MicrosoftSecurityDevOps/v1/task.json @@ -3,7 +3,7 @@ "name": "MicrosoftSecurityDevOps", "friendlyName": "Microsoft Security DevOps", "description": "Run the Microsoft Security DevOps CLI for static analysis.", - "helpMarkDown": "Runs the [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget) for security analysis.", + "helpMarkDown": "Runs the [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget) for security analysis. Effective September 20th 2023, the Secret Scanning option (CredScan) within Microsoft Security DevOps (MSDO) Extension for Azure DevOps is deprecated. MSDO Secret Scanning is replaced by the [Configure GitHub Advanced Security for Azure DevOps features](https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features#set-up-secret-scanning) offering.", "category": "Utility", "visibility": [ "Build" @@ -11,7 +11,7 @@ "author": "Microsoft Corporation", "version": { "Major": 1, - "Minor": 8, + "Minor": 9, "Patch": 0 }, "preview": true, @@ -51,8 +51,9 @@ "type": "pickList", "required": false, "helpMarkDown": "The name of a well known Microsoft policy. If no configuration is provided, the policy may instruct MSDO what tools to run. Default: microsoft", - "defaultValue": "microsoft", + "defaultValue": "azuredevops", "options": { + "azuredevops": "azuredevops", "microsoft": "microsoft", "none": "none" } diff --git a/src/extension-manifest-debug.json b/src/extension-manifest-debug.json index 2776f9f..e933442 100644 --- a/src/extension-manifest-debug.json +++ b/src/extension-manifest-debug.json @@ -2,7 +2,7 @@ "manifestVersion": 1, "id": "microsoft-security-devops-azdevops", "name": "Microsoft Security DevOps (Debug)", - "version": "1.8.0.0", + "version": "1.9.0.0", "publisher": "ms-securitydevops", "description": "Build tasks for performing security analysis.", "public": false, diff --git a/src/extension-manifest.json b/src/extension-manifest.json index 0c756f6..47804ac 100644 --- a/src/extension-manifest.json +++ b/src/extension-manifest.json @@ -2,7 +2,7 @@ "manifestVersion": 1, "id": "microsoft-security-devops-azdevops", "name": "Microsoft Security DevOps", - "version": "1.8.0", + "version": "1.9.0", "publisher": "ms-securitydevops", "description": "Build tasks for performing security analysis.", "public": true,