Azure DevOps

Azure DevOps

Following is a sample code segment that can be configured in azure-pipelines.yml file to perform a SAST scan.

Note: Make sure to update the parameters in the sample code according to your environment before using it.

trigger:
— main
pool:
vmImage: ubuntu-latest

steps:
–task: Bash@3
displayName: Install_Run_SAST
inputs:
targetType: 'inline'
script: |
env | grep -E "AZURE_HTTP_USER_AGENT|BUILD_BUILDID" > /tmp/env
docker pull registry.fortidevsec.forticloud.com/fdevsec_sast:latest
docker run --rm --env-file /tmp/env --mount type=bind,source="$PWD",target=/scan registry.fortidevsec.forticloud.com/fdevsec_sast:latest

Following is a sample code segment that can be configured in azure-pipelines.yml file to perform a DAST scan.

trigger:
— main
pool:
vmImage: ubuntu-latest

steps:
–task: Bash@3
displayName: Install_Run_DAST
inputs:
targetType: 'inline'
script: |
env | grep -E "AZURE_HTTP_USER_AGENT|BUILD_BUILDID" > /tmp/env
docker pull registry.fortidevsec.forticloud.com/fdevsec_dast:latest
docker run --rm --env-file /tmp/env --mount type=bind,source="$PWD",target=/scan registry.fortidevsec.forticloud.com/fdevsec_dast:latest

Azure DevOps

Following is a sample code segment that can be configured in azure-pipelines.yml file to perform a SAST scan.

Note: Make sure to update the parameters in the sample code according to your environment before using it.

       docker run --rm  --env-file /tmp/env --mount type=bind,source="$PWD",target=/scan  registry.fortidevsec.forticloud.com/fdevsec_sast:latest

Following is a sample code segment that can be configured in azure-pipelines.yml file to perform a DAST scan.

        docker run --rm --env-file /tmp/env --mount type=bind,source="$PWD",target=/scan registry.fortidevsec.forticloud.com/fdevsec_dast:latest

User Guide

Azure DevOps

Azure DevOps