{"id":15827464,"url":"https://github.com/wellwind/azuredevops-extension-horusec-scan","last_synced_at":"2025-04-01T10:35:33.129Z","repository":{"id":82780359,"uuid":"586431088","full_name":"wellwind/azuredevops-extension-horusec-scan","owner":"wellwind","description":null,"archived":false,"fork":false,"pushed_at":"2023-01-08T08:56:28.000Z","size":567,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-12T10:17:13.521Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wellwind.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-08T05:16:49.000Z","updated_at":"2023-01-08T05:28:09.000Z","dependencies_parsed_at":null,"dependency_job_id":"52764a34-13e8-4fb6-9903-58917c0b0a43","html_url":"https://github.com/wellwind/azuredevops-extension-horusec-scan","commit_stats":{"total_commits":4,"total_committers":1,"mean_commits":4.0,"dds":0.0,"last_synced_commit":"c88f62c9ed76f89bd43386f1b519d0dc7c6f0dd2"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wellwind%2Fazuredevops-extension-horusec-scan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wellwind%2Fazuredevops-extension-horusec-scan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wellwind%2Fazuredevops-extension-horusec-scan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wellwind%2Fazuredevops-extension-horusec-scan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wellwind","download_url":"https://codeload.github.com/wellwind/azuredevops-extension-horusec-scan/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246627458,"owners_count":20808101,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-05T10:05:31.835Z","updated_at":"2025-04-01T10:35:33.104Z","avatar_url":"https://github.com/wellwind.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"Horusec Scan Task\n===\n\n[English Doc](https://github.com/wellwind/azuredevops-extension-horusec-scan/blob/main/README.md) | [中文說明](https://github.com/wellwind/azuredevops-extension-horusec-scan/blob/main/README.zh-TW.md)\n\nAdd the [Horusec](https://horusec.io/site/) scan results to the pipeline. Horusec is an open source tool that performs static code analysis to identify security flaws.\n\nAgent Pool\n---\n\nIt is recommended to use a Linux agent pool (e.g. `ubuntu-latest`).\n\nWindows agent pool can also be used, but it may encounter some container issues and may not be able to use all the tools for scanning.\n\nIf you are currently using a Windows agent, you can add a new Linux agent job:\n\n![Mutiple Agent Jobs](images/mutiple-agent-job.png)\n\nfor YAML reference:\n\n```yaml\njobs:\n - job:\n displayName: 'Windows Job: Build Validation'\n pool:\n vmImage: windows-latest\n - job:\n displayName: 'Linux Job: Horusec Scan'\n pool:\n vmImage: ubuntu-latest\n steps:\n - task: MikeHuang.horusec-scan-task.horusec-scan-task.herusec-scan@0\n displayName: 'Horusec Scan Scan: $(Build.SourcesDirectory)'\n inputs:\n projectPath: '$(Build.SourcesDirectory)'\n sarifReportPath: '$(Build.ArtifactStagingDirectory)/horusec-report.sarif'\n sarifPathConvert: true\n - task: PublishBuildArtifacts@1\n displayName: 'Publish Artifact: CodeAnalysisLogs'\n inputs:\n PathtoPublish: '$(Build.ArtifactStagingDirectory)/horusec-report.sarif'\n ArtifactName: CodeAnalysisLogs\n```\n\nReport\n---\n\nIf you use the default options, the Herusec scan result will be displayed as text in the console.\n\nIf you want to output as a [SARIF](https://sarifweb.azurewebsites.net/) report, you can specify the `sarifReportPath` path.\n\nThe generated SARIF file will only contain the path of the scanned file by default. You can check the `sarifPathConvert` option to convert the path to the corresponding path in the Azure Repo.\n\n![Report Setting](images/task-report-setting.png)\n\nWe recommended to install the [SARIF SAST Scans Tab](https://marketplace.visualstudio.com/items?itemName=sariftools.scans) extension to view the SARIF report. Just publish the artifact with the Artifact name `CodeAnalysisLogs`.\n\n![Publish CodeAnalysisLogs](images/publish-code-analysis-logs.png)\n\nYou can then see the scan results in the `Scan` tab.\n\n![Horusec Scan Result](images/horusec-scan-result.png)\n\nRelated Links\n---\n\n* Horusec: \u003chttps://horusec.io/site/\u003e\n* SARIF SAST Scans Tab: \u003chttps://marketplace.visualstudio.com/items?itemName=sariftools.scans\u003e\n* Extension Icon From: [FlatIcon](https://www.flaticon.com/free-icons/shield)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwellwind%2Fazuredevops-extension-horusec-scan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwellwind%2Fazuredevops-extension-horusec-scan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwellwind%2Fazuredevops-extension-horusec-scan/lists"}