DEV Community

Antoine

Scan your code in CI/CD using Security Code Scan

Photo by Adi Goldstein on Unsplash

The issue

Recently I came across the following post describing tools we can use to audit our code.

SecurityCodeScan and DevSkim were promising, but DevSkim seems to be compatible only with .NET Core 3.1 applications.

So we tried SecurityCodeScan and are satisfied with it.
We want to integrate it into our Azure DevOps pipeline, but the only task available seems to be for TFS on-premises.

Integration

As suggested in this issue, we just had to add a script that injects the dependency into our .csproj files before the build, so the analysis runs in the pipeline without impacting local development.

```batch
REM @Echo off
REM Walk every .csproj below the script's own directory and add the
REM SecurityCodeScan analyzer package so it runs as part of the CI build.
FOR /R %~dp0 %%f in (*.csproj) do (
    REM %%~ff expands to the fully qualified path of the project file
    CALL dotnet add %%~ff package SecurityCodeScan --version 3.5.3
)
```

A page helped me with the syntax of the FOR loop.

%~dp0 refers to the directory the script is in.
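An alternative to rewriting each .csproj in the pipeline, added here as an example and not part of the original post: a Directory.Build.props at the repository root, which MSBuild imports into every project automatically, references the analyzer only when the Azure Pipelines predefined variable TF_BUILD is set, so developer machines build without it. PrivateAssets="all" keeps the analyzer from flowing to consumers if a library project is packed.

```xml
<!-- Directory.Build.props at the repository root (example, not from the original post) -->
<Project>
  <!-- TF_BUILD is set to True on Azure Pipelines agents and is absent on dev machines,
       so the analyzer is pulled in during CI builds only -->
  <ItemGroup Condition="'$(TF_BUILD)' == 'True'">
    <PackageReference Include="SecurityCodeScan" Version="3.5.3" PrivateAssets="all" />
  </ItemGroup>
</Project>
```

Running `dotnet build` locally with `TF_BUILD=True` in the environment reproduces the CI behaviour when a finding needs to be checked before pushing.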

Hope this helps!
