AdvancedSecurity-Publish@1 - Advanced Security Publish Results v1 task

Combines SARIF file(s) produced by code scanning tool(s), enhances the combined SARIF file, and publishes the enhanced SARIF file to the Advanced Security service.

Note

This task publishes the SARIF files produced by non-Microsoft tasks to Code Scanning for GitHub Advanced Security. Currently, this task works with the Infrastructure-as-Code Scanning Tasks Extension tasks. For more information, see Infrastructure‐as‐Code Scanning.

This task isn't needed when using GitHub Advanced Security for Azure DevOps tasks like AdvancedSecurity-Dependency-Scanning@1 or AdvancedSecurity-Codeql-Analyze@1.

Syntax

# Advanced Security Publish Results v1
# Combines SARIF file(s) produced by code scanning tool(s), enhances the combined SARIF file, and publishes the enhanced SARIF file to the Advanced Security service.
- task: AdvancedSecurity-Publish@1
  inputs:
    #SarifsInputDirectory: # string. SARIF(s) Input Directory. 
    #Category: # string. Category. 
    #WaitForProcessing: false # boolean. Enable Wait for Processing. Default: false.
    #WaitForProcessingInterval: '5' # string. Optional. Use when WaitForProcessing = true. Wait for Processing Time Interval. Default: 5.
    #WaitForProcessingTimeout: '120' # string. Optional. Use when WaitForProcessing = true. Wait for Processing Timeout. Default: 120.

Inputs

SarifsInputDirectory - SARIF(s) Input Directory
string.

Path to the directory containing the SARIF file(s) that need to be combined, enhanced, and published to Advanced Security. When not specified, the task will look for SARIF file(s) in pre-determined locations.


Category - Category
string.

Category to associate scan results with when enhancing the SARIF file(s) before publishing to Advanced Security. The category of scan results helps distinguish between different types of scan results. Use this field when publishing SARIF file(s) produced by tools other than CodeQL. When publishing SARIF file(s) produced by CodeQL, there is no need to specify a category, and if one is specified, it will be ignored by the task.


WaitForProcessing - Enable Wait for Processing
boolean. Default value: false.

Wait for Advanced Security to process published SARIF file before completing.


WaitForProcessingInterval - Wait for Processing Time Interval
string. Optional. Use when WaitForProcessing = true. Default value: 5.

Time, in seconds, to wait between each call to Advanced Security to check SARIF processing status.


WaitForProcessingTimeout - Wait for Processing Timeout
string. Optional. Use when WaitForProcessing = true. Default value: 120.

Time, in seconds, to wait for Advanced Security to process SARIF file before completing.


Task control options

All tasks have control options in addition to their task inputs. For more information, see Control options and common task properties.

Output variables

None.

Remarks

This task publishes the SARIF files produced by non-Microsoft tasks to Code Scanning for GitHub Advanced Security. Currently, this task works with the Infrastructure-as-Code Scanning Tasks Extension tasks. For more information, see Infrastructure‐as‐Code Scanning.

This task isn't needed when using GitHub Advanced Security for Azure DevOps tasks like AdvancedSecurity-Dependency-Scanning@1 or AdvancedSecurity-Codeql-Analyze@1.

Requirements

Requirement Description
Pipeline types YAML, Classic build, Classic release
Runs on Agent, DeploymentGroup
Demands None
Capabilities This task does not satisfy any demands for subsequent tasks in the job.
Command restrictions Any
Settable variables Any
Agent version All supported agent versions.
Task category Build