From 87999e023e5670ad37bee12c774e33fd41f9a6ca Mon Sep 17 00:00:00 2001 From: boandron Date: Mon, 18 Sep 2023 16:29:59 -0700 Subject: [PATCH 1/3] Update default policy, and add messaging about CredScan deprecation --- src/MicrosoftSecurityDevOps/v1/index.ts | 1 + src/MicrosoftSecurityDevOps/v1/msdo.ts | 4 ++++ src/MicrosoftSecurityDevOps/v1/task.json | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/MicrosoftSecurityDevOps/v1/index.ts b/src/MicrosoftSecurityDevOps/v1/index.ts index afb7cfb..3f6508b 100644 --- a/src/MicrosoftSecurityDevOps/v1/index.ts +++ b/src/MicrosoftSecurityDevOps/v1/index.ts @@ -52,4 +52,5 @@ run().catch(error => { } else { tl.setResult(tl.TaskResult.Failed, error); } + tl.debug('Effective September 20th 2023, the Secret Scanning option (CredScan) within Microsoft Security DevOps (MSDO) Extension for Azure DevOps is deprecated. MSDO Secret Scanning is replaced by the Configure GitHub Advanced Security for Azure DevOps features - https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features#set-up-secret-scanning.'); }); \ No newline at end of file diff --git a/src/MicrosoftSecurityDevOps/v1/msdo.ts b/src/MicrosoftSecurityDevOps/v1/msdo.ts index 9a1fe8a..706f065 100644 --- a/src/MicrosoftSecurityDevOps/v1/msdo.ts +++ b/src/MicrosoftSecurityDevOps/v1/msdo.ts @@ -35,6 +35,10 @@ export class MicrosoftSecurityDevOps implements IMicrosoftSecurityDevOps { args.push('-p'); args.push(policy); } + } else { + // If the policy is not user defined, default to azuredevops + args.push('-p'); + args.push('azuredevops'); } let categoriesString: string = tl.getInput('categories'); diff --git a/src/MicrosoftSecurityDevOps/v1/task.json b/src/MicrosoftSecurityDevOps/v1/task.json index 5dd3e3e..701899e 100644 --- a/src/MicrosoftSecurityDevOps/v1/task.json +++ b/src/MicrosoftSecurityDevOps/v1/task.json 
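Review bot: The deprecation notice is added inside the `run().catch(...)` callback, just before its closing `});`, so as far as this hunk shows it is emitted only when `run()` rejects; a pipeline that succeeds never tells its owner that CredScan secret scanning is deprecated. The PATCH 2/3 hunk for this file keeps the same placement and only swaps `tl.debug` for `console.log`. Consider emitting it on every run and as a pipeline warning, for example `tl.warning(deprecationNotice);` near the start of `run()`, with the message text held in one constant. The callback opens above the hunk, so its first branch is not visible here.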
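Review bot: The new `else` branch in msdo.ts selects the `azuredevops` policy whenever the input is not user defined, and nothing in the hunk records that choice in the build log. Because this default switch ships together with the CredScan deprecation, an owner auditing scan coverage should be able to see the effective policy; consider `console.log('No policy input provided; using default policy: azuredevops');` ahead of the two pushes. The literal `'azuredevops'` is repeated as `defaultValue` in task.json in PATCH 2/3, so a named constant with a comment pointing at task.json would keep the two from drifting apart. The `if` this `else` pairs with starts above the hunk, so its condition is inferred from the added comment only.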
@@ -3,7 +3,7 @@
 "name": "MicrosoftSecurityDevOps",
 "friendlyName": "Microsoft Security DevOps",
 "description": "Run the Microsoft Security DevOps CLI for static analysis.",
- "helpMarkDown": "Runs the [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget) for security analysis.",
+ "helpMarkDown": "Runs the [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget) for security analysis. Effective September 20th 2023, the Secret Scanning option (CredScan) within Microsoft Security DevOps (MSDO) Extension for Azure DevOps is deprecated. MSDO Secret Scanning is replaced by the [Configure GitHub Advanced Security for Azure DevOps features](https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features#set-up-secret-scanning) offering.",
 "category": "Utility",
 "visibility": [
 "Build"
From 03a75929cbc7ef06ad3e6f9c816bd5d58e5676c7 Mon Sep 17 00:00:00 2001
From: boandron
Date: Tue, 19 Sep 2023 12:02:15 -0700
Subject: [PATCH 2/3] PR feedback
---
 src/MicrosoftSecurityDevOps/v1/index.ts | 4 +++-
 src/MicrosoftSecurityDevOps/v1/task.json | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/MicrosoftSecurityDevOps/v1/index.ts b/src/MicrosoftSecurityDevOps/v1/index.ts
index 3f6508b..bf71a40 100644
--- a/src/MicrosoftSecurityDevOps/v1/index.ts
+++ b/src/MicrosoftSecurityDevOps/v1/index.ts
@@ -52,5 +52,7 @@ run().catch(error => {
 } else {
 tl.setResult(tl.TaskResult.Failed, error);
 }
- tl.debug('Effective September 20th 2023, the Secret Scanning option (CredScan) within Microsoft Security DevOps (MSDO) Extension for Azure DevOps is deprecated. MSDO Secret Scanning is replaced by the Configure GitHub Advanced Security for Azure DevOps features - https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features#set-up-secret-scanning.');
+ console.log('------------------------------------------------------------------------------');
+ console.log('Effective September 20th 2023, the Secret Scanning option (CredScan) within Microsoft Security DevOps (MSDO) Extension for Azure DevOps is deprecated. MSDO Secret Scanning is replaced by the Configure GitHub Advanced Security for Azure DevOps features - https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features#set-up-secret-scanning.');
+ console.log('------------------------------------------------------------------------------');
 });
\ No newline at end of file
diff --git a/src/MicrosoftSecurityDevOps/v1/task.json b/src/MicrosoftSecurityDevOps/v1/task.json
index 701899e..b6d9b13 100644
--- a/src/MicrosoftSecurityDevOps/v1/task.json
+++ b/src/MicrosoftSecurityDevOps/v1/task.json
@@ -51,8 +51,9 @@
 "type": "pickList",
 "required": false,
 "helpMarkDown": "The name of a well known Microsoft policy. If no configuration is provided, the policy may instruct MSDO what tools to run. Default: microsoft",
- "defaultValue": "microsoft",
+ "defaultValue": "azuredevops",
 "options": {
+ "azuredevops": "azuredevops",
 "microsoft": "microsoft",
 "none": "none"
 }
From aa9e868d600725e06277787235363f3f7ffcd1ae Mon Sep 17 00:00:00 2001
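Review bot: In the task.json hunk the `helpMarkDown` context line for this input still ends with `Default: microsoft`, while the hunk changes `defaultValue` to `azuredevops`, so the help text now misstates which policy a pipeline gets when the field is left alone. The string should end with `Default: azuredevops`. Since `azuredevops` is a new entry in `options`, the same help text would be the place to say how it differs from `microsoft`, which matters to anyone checking whether secret scanning is still part of their default run. The input's definition starts above the hunk, so its name is not visible here.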
From: boandron
Date: Wed, 20 Sep 2023 12:04:54 -0700
Subject: [PATCH 3/3] Version bumps
---
 src/MicrosoftSecurityDevOps/v1/task.json | 2 +-
 src/extension-manifest-debug.json | 2 +-
 src/extension-manifest.json | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/MicrosoftSecurityDevOps/v1/task.json b/src/MicrosoftSecurityDevOps/v1/task.json
index b6d9b13..a70d7bc 100644
--- a/src/MicrosoftSecurityDevOps/v1/task.json
+++ b/src/MicrosoftSecurityDevOps/v1/task.json
@@ -11,7 +11,7 @@
 "author": "Microsoft Corporation",
 "version": {
 "Major": 1,
- "Minor": 8,
+ "Minor": 9,
 "Patch": 0
 },
 "preview": true,
diff --git a/src/extension-manifest-debug.json b/src/extension-manifest-debug.json
index 2776f9f..e933442 100644
--- a/src/extension-manifest-debug.json
+++ b/src/extension-manifest-debug.json
@@ -2,7 +2,7 @@
 "manifestVersion": 1,
 "id": "microsoft-security-devops-azdevops",
 "name": "Microsoft Security DevOps (Debug)",
- "version": "1.8.0.0",
+ "version": "1.9.0.0",
 "publisher": "ms-securitydevops",
 "description": "Build tasks for performing security analysis.",
 "public": false,
diff --git a/src/extension-manifest.json b/src/extension-manifest.json
index 0c756f6..47804ac 100644
--- a/src/extension-manifest.json
+++ b/src/extension-manifest.json
@@ -2,7 +2,7 @@
 "manifestVersion": 1,
 "id": "microsoft-security-devops-azdevops",
 "name": "Microsoft Security DevOps",
- "version": "1.8.0",
+ "version": "1.9.0",
 "publisher": "ms-securitydevops",
 "description": "Build tasks for performing security analysis.",
 "public": true,