
Azure DevOps Integration

Set up Invicti AppSec with Azure Pipelines for automated security scanning.

Azure pipeline that contains a SAST scan and an SCA import

1. Trigger
The pipeline runs whenever changes are pushed to the master branch.
2. Pick image
Run the pipeline on an Ubuntu (ubuntu-latest) virtual machine.
3. Set up the Kondukto CLI (KDT)
Install the Kondukto CLI by piping the installer script from https://cli.kondukto.io to sudo sh.
4. Start a SAST scan via KDT
Run a static application security testing (SAST) scan with the Veracode tool against the repository named by the $(build.repository.name) variable, on the branch given by $(build.sourceBranch). The Kondukto host and API token are read from the KONDUKTO_HOST and KONDUKTO_TOKEN pipeline variables.
5. Import Dependency Check results via KDT
Import the results in the JSON file dependency-check-results.json into Kondukto for the same repository and branch. The file must already be present in the build workspace; the pipeline below does not include the step that produces it.
```yaml
trigger:
- master

pool:
  vmImage: ubuntu-latest

steps:
- script: |
    curl -sSL https://cli.kondukto.io | sudo sh
  displayName: 'Set up the Kondukto CLI (KDT)'

- script: |
    kdt --host=$(KONDUKTO_HOST) --token=$(KONDUKTO_TOKEN) \
      scan -p $(build.repository.name) \
      -t veracode \
      -b $(build.sourceBranch)
  displayName: 'Start a SAST scan via KDT'

- script: |
    kdt --host=$(KONDUKTO_HOST) --token=$(KONDUKTO_TOKEN) \
      scan -p $(build.repository.name) \
      -t dependencycheck \
      -f dependency-check-results.json \
      -b $(build.sourceBranch)
  displayName: 'Import depcheck results to Kondukto'
```
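The import step above silently depends on the secrets being set and on dependency-check-results.json existing. As an added example (not part of the Kondukto documentation or the KDT tool), the shell wrapper below runs the same kdt command but fails the pipeline with a clear message when a variable is empty or the results file is missing or not JSON; KDT_BIN is an assumed override used only so the wrapper can be exercised without kdt installed.

```shell
#!/bin/sh
# Added example: pre-flight checks around the "import depcheck results" step.
# Everything here is POSIX sh so it runs unchanged inside an Azure `script:` step.
set -eu

# require_var NAME: fail if the named variable is unset or empty.
require_var() {
  eval "_val=\${$1:-}"
  if [ -z "$_val" ]; then
    echo "error: required variable $1 is not set" >&2
    return 1
  fi
}

# check_results_file PATH: fail unless the file exists, is non-empty and starts
# with a JSON object or array (cheap structural check on the first five lines,
# so a file whose JSON starts after five blank lines is rejected).
check_results_file() {
  if [ ! -s "$1" ]; then
    echo "error: results file $1 is missing or empty" >&2
    return 1
  fi
  case "$(head -n 5 "$1" | tr -d '[:space:]')" in
    '{'*|'['*) return 0 ;;
    *) echo "error: $1 does not look like a JSON document" >&2; return 1 ;;
  esac
}

# import_depcheck RESULTS PROJECT BRANCH: run the checks, then the same kdt
# invocation the pipeline uses. KDT_BIN (assumed, not a kdt feature) lets a
# test substitute a fake binary. Explicit `|| return 1` keeps the function safe
# even when a caller disables errexit (e.g. inside an `if`).
import_depcheck() {
  _results="$1"; _project="$2"; _branch="$3"
  require_var KONDUKTO_HOST || return 1
  require_var KONDUKTO_TOKEN || return 1
  check_results_file "$_results" || return 1
  "${KDT_BIN:-kdt}" --host="$KONDUKTO_HOST" --token="$KONDUKTO_TOKEN" \
    scan -p "$_project" -t dependencycheck -f "$_results" -b "$_branch"
}

# In the pipeline step this would be:
#   import_depcheck dependency-check-results.json "$(build.repository.name)" "$(build.sourceBranch)"
```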
