Skip to main content

Azure Pipelines Graph Mode Integration

img

Introduction

Integrate the Conviso Platform seamlessly into your Azure DevOps Pipelines to automate and streamline your security processes. This integration ensures thorough security assessments for your applications throughout the development lifecycle.

The Azure Pipelines is a CI/CD module of the Azure Devops platform. Through this module, it is possible to create automation routines with various tasks that are available on Azure's marketplace. Currently, the integration with Conviso consists of Bash-type tasks. Among the tasks are: the CLI command line interface (CLI available at PyPi).

Requirements

In order for the experience with Conviso's services to be complete, it is necessary to meet all the requirements below:

  1. Hosted Agent Pool (Ubuntu 22.04 or higher) with Docker installed or Agent Cloud Azure;

  2. External access (can be limited to Conviso's registry for SAST, Dockerhub and Conviso Platform).

First Steps

Given an Azure Devops project, to create a Welcome Pipeline you can follow the steps below:

  1. At the DevOps Project root, click at Pipelines;

  2. At the upper right menu, click at New Pipeline;

  3. Select the Use the classic editor to create a pipeline without YAML option;

  4. At Select your Repository step, select the platform where your code is hosted, the repository and the branch for pipeline execution and click at Continue;

  5. Select the Start with an Empty Job option;

  6. Rename the Agent Job 1 to Conviso Agent, selecting Agent Pool option as Azure Pipelines and Agent Specification option as ubuntu-latest;

  7. At Conviso Agent, click at the + icon to add a new task;

  8. Add a Bash type task, rename the Display Name to Install Conviso CLI and modify its type to Inline;

  9. You need to define an environment variable for CONVISO_API_KEY and set the value from Conviso Platform. It is important to set this variable as a secret.

  10. To configure Conviso AST, within the script field, add the code snippet presented below:

echo "Installing Conviso CLI..."
sudo pip3 install conviso-cli
conviso -k $(CONVISO_API_KEY) ast run

  1. Click at Save & Queue. The pipeline execution will begin in a few moments.

  2. The resulsts will be sent to Conviso Platform.

Troubleshooting

If authentication is not performed even when loading the CONVISO_API_KEY variable, make sure it is provided as environment variables for all tasks that use the CLI.

Discover Conviso Platform!