{"id":21392145,"url":"https://github.com/sysdiglabs/sysdig-azure-devops-task","last_synced_at":"2025-07-19T22:36:36.949Z","repository":{"id":249889009,"uuid":"832847323","full_name":"sysdiglabs/sysdig-azure-devops-task","owner":"sysdiglabs","description":null,"archived":false,"fork":false,"pushed_at":"2024-07-23T20:59:14.000Z","size":186,"stargazers_count":0,"open_issues_count":5,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-01-23T01:22:08.587Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sysdiglabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-23T20:56:02.000Z","updated_at":"2024-07-23T21:11:52.000Z","dependencies_parsed_at":null,"dependency_job_id":"9c1e001e-42e7-4fed-b557-be463a0ab370","html_url":"https://github.com/sysdiglabs/sysdig-azure-devops-task","commit_stats":null,"previous_names":["sysdiglabs/sysdig-azure-devops-task"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Fsysdig-azure-devops-task","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Fsysdig-azure-devops-task/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Fsysdig-azure-devops-task/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Fsysdig-azure-devops-task/manifests","owner_url":"https://repos.ecosyste.ms/ap
i/v1/hosts/GitHub/owners/sysdiglabs","download_url":"https://codeload.github.com/sysdiglabs/sysdig-azure-devops-task/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243878411,"owners_count":20362432,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-22T13:39:18.163Z","updated_at":"2025-03-16T13:41:46.281Z","avatar_url":"https://github.com/sysdiglabs.png","language":"TypeScript","readme":"# Sysdig Secure Task Extension for Azure DevOps Pipelines\n\n[Sysdig Secure](https://sysdig.com/products/platform/) is a CNAPP Cloud Security Platform covering the following use cases:\n* Cloud, Kubernetes \u0026 Container Detection and Response\n* Vulnerability Management\n* Posture Management\n* Permission \u0026 Entitlements\n\nThis extension provides integration with Sysdig Secure to scan container images for vulnerabilities within the Azure DevOps pipeline.\n\n**ONLY the image report is sent to Sysdig on completion of the scan.**\n\n## Pre-requisites\nYou will require a valid Sysdig Secure API token.\n\n## Task usage\n\n#### Default behaviour\n\nBy default, the task will simply scan a local image using [Sysdig Secure CLI](https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/pipeline/).\n\nThe task will output the policy results of the scan as well as send the reports to Sysdig Secure for review.\n\nUnder default behavior, the pipeline will not fail when the container does not pass the Sysdig Secure policy scan.\n\nExample yaml:\n\n```\n- task: Sysdig-CLI-Scan@0\n  inputs:\n    sysdigurl: 
'https://app.us4.sysdig.com'\n    apikey: $(SYSDIG_API_TOKEN)\n    image: $(imageName)\n```\n\n\n### Failing the pipeline\n\nIn order to fail the pipeline when Sysdig Secure returns a `fail` based on the \nresults of the Sysdig Secure scan, set the `failBuild` option to `true`.\n\nExample yaml:\n\n```\n- task: Sysdig-CLI-Scan@0\n  inputs:\n    sysdigurl: 'https://app.us4.sysdig.com'\n    apikey: $(SYSDIG_API_TOKEN)\n    image: $(imageName)\n    verbose: true\n    failBuild: true\n```\n\n## Example azure-pipelines.yaml\n\nThe below provides an example of a local image build which integrates with Sysdig Secure\nto scan the image. It will also fail the build if the Sysdig Secure policy scan returns a `fail` result.\n\n```\ntrigger:\n- master\n\npool:\n  vmImage: ubuntu-latest\n\nvariables:\n- name: imageName\n  value: 'nginx:latest'\n  readonly: true\n- group: sysdig\n# Define proxy environment variables\n# Proxy variables will be used by the task and the CLI itself to perform network calls via proxy\n# For some steps different proxies are required, for instance the CLI download is only performed via HTTPS\n- name: HTTP_PROXY\n  value: 'http://proxy:8080'\n- name: HTTPS_PROXY\n  value: 'http://proxy:443'\n- name: NO_PROXY\n  value: '*'\n\nsteps:\n- task: DockerInstaller@0\n  inputs:\n    dockerVersion: '17.09.0-ce'\n\n- script:  docker pull $(imageName)\n  ## workingDirectory: $(Build.SourcesDirectory)/front-end/myAppFront/\n  displayName: 'Docker Pull'\n\n- task: Sysdig-CLI-Scan@1\n  displayName: Sysdig CLI Scan\n  inputs:\n    sysdigurl: 'https://app.us4.sysdig.com'\n    apikey: $(SYSDIG_API_TOKEN)\n    image: $(imageName)\n    verbose: true\n    jsonOutput: true\n    jsonOutputFile: 'sysdig-cli-scan-output.json'\n    sysdigCliScannerVersion: '1.6.0'\n    policy: my_custom_policy,my-custom-policy-ab\n\n- task: PublishBuildArtifacts@1\n  inputs:\n    PathtoPublish: '$(System.DefaultWorkingDirectory)/output.html' # Path to the file or folder\n    ArtifactName: 
'html_report' # Name of the artifact\n    publishLocation: 'Container' # Options: container, filePath\n\n- task: PublishBuildArtifacts@1\n  inputs:\n    PathtoPublish: '$(System.DefaultWorkingDirectory)/sysdig-cli-scan-output.json' # Path to the file or folder\n    ArtifactName: 'json_report' # Name of the artifact\n    publishLocation: 'Container' # Options: container, filePath\n```\n\n## Task Inputs\n## Mandatory Inputs\n\n- **Sysdig Secure SaaS Region (`sysdigurl`)**: The region URL for Sysdig Secure. Must be one of the following:\n  - US East (`https://secure.sysdig.com`)\n  - US West (`https://us2.app.sysdig.com`)\n  - US West - GCP (`https://app.us4.sysdig.com`)\n  - European Union (`https://eu1.app.sysdig.com`)\n  - Asia Pacific (`https://app.au1.sysdig.com`)\n  - Default: `https://secure.sysdig.com`\n\n- **Sysdig Secure API Token (`apikey`)**: Your Sysdig Secure API token for authentication.\n\n- **Full Image Tag to Scan (`image`)**: The full tag of the image to be scanned, in the format `\u003crepo/image:tag\u003e`. Default: `$(imageName):$(tag)`\n\n## Optional Inputs\n\n- **Fail Build (`failBuild`)**: Whether to fail the build if the policy evaluation fails. Default: `false`\n\n- **Skip TLS Verification (`skipTLS`)**: Whether to skip TLS verification when calling Sysdig endpoints and downloading the Sysdig binary. Default: `false`\n\n- **Verbose Logging Output (`verbose`)**: Enables more verbose logging output from the Sysdig CLI Scanner. Default: `false`\n\n- **Output Full Vulnerability Table (`fullVulnsTable`)**: Outputs the full vulnerability table in the console output. Default: `false`\n\n- **JSON Output (`jsonOutput`)**: Whether to export the JSON result file to `$(System.DefaultWorkingDirectory)/sysdig-cli-scan-output.json`. Default: `true`\n\n- **JSON Output File (`jsonOutputFile`)**: The file name to export the JSON result to. This will be ignored if `jsonOutput` is `false`. 
Default: `sysdig-cli-scan-output.json`\n\n- **Sysdig CLI Scanner Version (`sysdigCliScannerVersion`)**: The version of the Sysdig CLI Scanner to use. Will use the latest version if not specified. Default: `latest`\n\n- **Policy (`policy`)**: Policy to evaluate in the pipeline execution. If not specified, only the Always Apply policy will be evaluated. Default: `null`\n\n## More Information\nFor documentation on Sysdig Secure, including policy and capabilities, see the [Sysdig Secure Documentation](https://docs.sysdig.com/en/docs/sysdig-secure/)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsysdiglabs%2Fsysdig-azure-devops-task","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsysdiglabs%2Fsysdig-azure-devops-task","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsysdiglabs%2Fsysdig-azure-devops-task/lists"}