Azure Pipelines is supported with GitHub, Bitbucket, or GitLab repositories.
To configure CI secret scanning for Azure Pipelines, you need to create two pipeline variables and either create a YAML pipeline script or add to an existing one.
Note: This CI integration supports scanning of pull requests.
Create Variables:
The following two pipeline variables need to be created whether you are creating a new pipeline or using an existing pipeline:
Name: BLUBRACKET_INTEGRATION_KEY
Value: Create a BluBracket Integration API token
Steps to create a BluBracket API token:
https://support.blubracket.com/hc/en-us/articles/4403018405140-Event-and-Alert-APIs
Name: BLUBRACKET_CI_CD_API
Value: https://[your BluBracket tenant name]/api/analyzer/commit/scan
Example: https://acme.blubracket.com/api/analyzer/commit/scan
Pipeline Script:
The following should be added to your pipeline script:
trigger:
  branches:
    include:
      - main
pr:
  branches:
    include:
      - main
pool:
  vmImage: 'ubuntu-18.04'
jobs:
  - job: Build
    timeoutInMinutes: 15
    workspace:
      clean: all
    steps:
      - task: Bash@3
        displayName: 'Run BluBracket Secret Scan'
        inputs:
          targetType: 'inline'
          script: |
            # -a exports every variable; -x traces each command to the build log
            set -ax
            docker run \
              -e SYSTEM_PULLREQUEST_PULLREQUESTNUMBER="${SYSTEM_PULLREQUEST_PULLREQUESTNUMBER}" \
              -e BLUBRACKET_CI_CD_API="${BLUBRACKET_CI_CD_API}" \
              -e BLUBRACKET_CI_CD_TOKEN="${BLUBRACKET_INTEGRATION_KEY}" \
              -e BUILD_REPOSITORY_URI="${BUILD_REPOSITORY_URI}" \
              blubracket/ci-cd-scan:latest
        # Map the two pipeline variables into the step's environment
        # (secret variables are not visible to scripts unless mapped here)
        env:
          BLUBRACKET_CI_CD_API: $(BLUBRACKET_CI_CD_API)
          BLUBRACKET_INTEGRATION_KEY: $(BLUBRACKET_INTEGRATION_KEY)
        # Run this step only for pull request builds
        condition: eq(variables['Build.Reason'], 'PullRequest')
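A pre-flight check for the two variables above, so a misconfigured scan step fails loudly instead of calling the wrong endpoint. This is an added example, not BluBracket's own code: check_blubracket_env is a hypothetical helper, the sample token and pull request number are constructed, and a numeric pull request number is an assumption.

```shell
# Added example; check_blubracket_env is a hypothetical helper, not part of
# the BluBracket image. Arguments: API URL, integration key, PR number.
# The key value itself is never printed.
check_blubracket_env() {
  api="$1"; key="$2"; pr="$3"; rc=0

  # An undefined pipeline variable reaches the script as the literal text
  # "$(NAME)" because Azure Pipelines leaves unresolved macros untouched.
  case "$key" in
    ''|'$('*')')
      echo "BLUBRACKET_INTEGRATION_KEY is empty or unresolved" >&2; rc=1 ;;
  esac

  case "$api" in
    ''|'$('*')')
      echo "BLUBRACKET_CI_CD_API is empty or unresolved" >&2; rc=1 ;;
    *'['*|*']'*)
      echo "BLUBRACKET_CI_CD_API still contains the [tenant] placeholder" >&2; rc=1 ;;
    https://?*/api/analyzer/commit/scan) ;;  # expected shape from this page
    *)
      echo "BLUBRACKET_CI_CD_API must be https://<tenant>/api/analyzer/commit/scan" >&2; rc=1 ;;
  esac

  # Assumption: the pull request number is a plain decimal integer.
  case "$pr" in
    ''|*[!0-9]*)
      echo "SYSTEM_PULLREQUEST_PULLREQUESTNUMBER is missing or not numeric" >&2; rc=1 ;;
  esac

  return "$rc"
}

# Constructed sample values; in the pipeline, pass the real variables instead.
check_blubracket_env "https://acme.blubracket.com/api/analyzer/commit/scan" \
  "constructed-token" "42" && echo "pre-flight OK"
```

In the inline script, calling the function ahead of the `set -ax` line and exiting on a non-zero return keeps the token out of the shell trace.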