README.md

Compliance task library

Contents of this repository are intended for internal Microsoft use.

This repository contains Azure DevOps YAML templates for the compliance tasks needed for release products. The step templates can be included in your repository using multi-checkout.

The following sample shows how the templates can be included in your release YAML.

  1. Create a repository resource and a service connection to connect to this repository.

    resources:
      repositories:
      - repository: ComplianceRepo
        type: github
        endpoint: ComplianceGHRepo
        name: PowerShell/compliance
  2. In the compliance stage, check out the self repo and the compliance repo.

    - stage: compliance
      displayName: Compliance
      dependsOn: Build
      jobs:
      - job: Compliance_Job
        pool:
          name: Package ES CodeHub Lab E
        steps:
        - checkout: self
        - checkout: ComplianceRepo
  3. Pick one of the three composed templates:

    • assembly-module-compliance.yml - for running compliance for projects generating an assembly.
    • script-module-compliance.yml - for running compliance for projects generating a script module.
    • ci-compliance.yml - for running compliance as part of CI builds.
  4. Call the template from this repo in your YAML file and specify the values for the parameters.

    - template: assembly-module-compliance.yml@ComplianceRepo
      parameters:
        # binskim
        AnalyzeTarget: '$(Pipeline.Workspace)/*.dll'
        AnalyzeSymPath: 'SRV*'
        # component-governance
        sourceScanPath: '$(Build.SourcesDirectory)'
        # credscan
        suppressionsFile: ''
        # TermCheck
        optionsRulesDBPath: ''
        optionsFTPath: ''
        # tsa-upload
        codeBaseName: 'PSPager_202007'
        # selections
        APIScan: false # set to false when not using Windows APIs.

ESRP Template Example

**Requires on-boarding; see the wiki in the internal PowerShell Maintainers Teams channel.**

Make sure to create the variable group named ESRP and make it available to the pipeline. Details can be found in the Wiki tab of the PowerShell Maintainers Teams channel.

  1. Call the template from this repo in your YAML file and specify the values for the parameters.

    - template: EsrpSign.yml@ComplianceRepo
      parameters:
        # the folder which contains the binaries to sign
        buildOutputPath: $(signSrcPath)
        # the location to put the signed output
        signOutputPath: $(signOutPath)
        # the certificate ID to use
        certificateId: "CP-230012"
        # the file patterns to use, comma-separated
        pattern: '*.dll,*.psd1,*.psm1,*.ps1xml,*.mof'
