v1.7.1 - readme and small fixes (#53)

davidknise · web-flow · commit b77e16a8da44 · 2023-06-15T15:05:57.000-07:00
* Add node16 support

* DevOps Release v1.7.0

* Release v1.7.0

* Fix build directory.

* Onboard to github packages

* v1.7.0-beta.6 - decompress nuget server responses

* v1.7.0 - sign commit

* v1.7.1 - remove dependency requirement from readmes

* v1.7.1 - fix groupName advanced

* v1.7.1 - update wording

* Fix 'templateanalyzer'
diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/README.md b/README.md
@@ -17,7 +17,6 @@ Add the `MicrosoftSecurityDevOps` build task to your pipeline's yaml:
 ```yaml
 steps:
 - task: MicrosoftSecurityDevOps@1
-  displayName: 'Run Microsoft Security DevOps'
 ```
 
 # Tools
diff --git a/scripts/.publishers/debug-publishers.json b/scripts/.publishers/debug-publishers.json
@@ -0,0 +1,10 @@
+{
+  "publisherName": "debug",
+  "publisher": "ms-secdevops-test",
+  "version": "1.7.1.0",
+  "mapping": {
+    "MicrosoftSecurityDevOps": "505fbc36-f364-4b95-b1c4-7a3fd78a6559"
+  },
+  "extensionId": "microsoft-security-devops-azdevops-debug",
+  "count": 0
+}
diff --git a/src/MicrosoftSecurityDevOps/v1/task.json b/src/MicrosoftSecurityDevOps/v1/task.json
@@ -12,7 +12,7 @@
     "version": {
         "Major": 1,
         "Minor": 7,
-        "Patch": 0
+        "Patch": 1
     },
     "preview": true,
     "minimumAgentVersion": "1.83.0",
@@ -50,23 +50,23 @@
             "type": "string",
             "required": false,
             "helpMarkDown": "A comma separated list of analyzer categories to run. Values: `secrets`, `code`, `artifacts`, `IaC`, `containers`. Example: `IaC,secrets`. Defaults to all.",
-            "group": "advanced"
+            "groupName": "advanced"
         },
         {
             "name": "languages",
             "label": "Languages",
             "type": "string",
             "required": false,
             "helpMarkDown": "A comma separated list of languages to analyze. Example: `javascript,typescript`. Defaults to all.",
-            "group": "advanced"
+            "groupName": "advanced"
         },
         {
             "name": "tools",
             "label": "Tools",
             "type": "string",
             "required": false,
-            "helpMarkDown": "A comma separated list of analyzer tools to run. Values: `bandit`, `binskim`, `eslint`, `template-analyzer`, `terrascan`, `trivy`.",
-            "group": "advanced"
+            "helpMarkDown": "A comma separated list of analyzer tools to run. Values: `bandit`, `binskim`, `eslint`, `templateanalyzer`, `terrascan`, `trivy`.",
+            "groupName": "advanced"
         },
         {
             "name": "break",
@@ -75,7 +75,7 @@
             "required": false,
             "helpMarkDown": "If checked, will fail this build step if any error level results are found.",
             "defaultValue": "false",
-            "group": "advanced"
+            "groupName": "advanced"
         },
         {
             "name": "publish",
@@ -84,16 +84,16 @@
             "required": false,
             "helpMarkDown": "If checked, will publish the output SARIF results file to the chosen pipeline artifact. Default: true",
             "defaultValue": "true",
-            "group": "advanced"
+            "groupName": "advanced"
         },
         {
             "name": "artifactName",
             "label": "Artifact Name",
             "type": "string",
             "required": false,
-            "helpMarkDown": "The name of the pipeline artifact to publish the SARIF result file to. Default: CodeAnalysisLogs</br>If left as \"CodeAnalysisLogs\", it integrates with the [SARIF Scans Tab](https://marketplace.visualstudio.com/items?itemName=sariftools.scans) viewing experience.",
+            "helpMarkDown": "The name of the pipeline artifact to publish the SARIF result file to. Default: CodeAnalysisLogs</br>\"CodeAnalysisLogs\" is required for integration with [Defender for DevOps](https://aka.ms/defender-for-devops).</br>If left as \"CodeAnalysisLogs\", it integrates with the [SARIF Scans Tab](https://marketplace.visualstudio.com/items?itemName=sariftools.scans) viewing experience.",
             "defaultValue": "CodeAnalysisLogs",
-            "group": "advanced"
+            "groupName": "advanced"
         }
     ],
     "instanceNameFormat": "Run Microsoft Defender for DevOps",
diff --git a/src/extension-manifest-debug.json b/src/extension-manifest-debug.json
@@ -2,7 +2,7 @@
   "manifestVersion": 1,
   "id": "microsoft-security-devops-azdevops",
   "name": "Microsoft Security DevOps (Debug)",
-  "version": "1.7.0.0",
+  "version": "1.7.1.0",
   "publisher": "ms-securitydevops",
   "description": "Build tasks for performing security analysis.",
   "public": false,
diff --git a/src/extension-manifest.json b/src/extension-manifest.json
@@ -2,7 +2,7 @@
   "manifestVersion": 1,
   "id": "microsoft-security-devops-azdevops",
   "name": "Microsoft Security DevOps",
-  "version": "1.7.0",
+  "version": "1.7.1",
   "publisher": "ms-securitydevops",
   "description": "Build tasks for performing security analysis.",
   "public": true,
diff --git a/src/extension-readme.md b/src/extension-readme.md
@@ -10,29 +10,13 @@ An extension for Azure DevOps that contributes a build task to run the [Microsof
 * Normalized processing of results into the SARIF format
 * Build breaks and more
 
-## Dependencies
-
-* The `MicrosoftSecurityDevOps` build task depends on [.NET 6](https://dotnet.microsoft.com/en-us/download/dotnet/6.0).
-* The CredScan analyzer depends on [.NET 3.1](https://dotnet.microsoft.com/en-us/download/dotnet/3.1).
-
-Microsoft-hosted build agents ship with an included list of software. To see if your agent image comes with these pre-installed, [see here](https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/hosted?view=azure-devops&tabs=yaml#software).
-
-To install these dependencies at runtime, run the following tasks before the `MicrosoftSecurityDevOps` task.
-```yaml
-- task: UseDotNet@2
-  displayName: 'Use dotnet 6.0'
-  inputs:
-    version: 6.0.x
-```
-
 ## Basic
 
 Add the `MicrosoftSecurityDevOps` build task to your pipeline's yaml:
 
 ```yaml
 steps:
 - task: MicrosoftSecurityDevOps@1
-  displayName: 'Run Microsoft Security DevOps'
 ```
 
 The `publish` input option is defaulted to true. If true, this will publish a [SARIF formatted](https://aka.ms/sarif) results file as a build artifact to `CodeAnalysisLogs/msdo.sarif`.
diff --git a/src/package-lock.json b/src/package-lock.json
diff --git a/src/package.json b/src/package.json
@@ -1,12 +1,12 @@
 {
     "name": "microsoft-security-devops-azdevops",
-    "version": "1.7.0",
+    "version": "1.7.1",
     "description": "Microsoft Security DevOps for Azure DevOps.",
     "author": "Microsoft Corporation",
     "license": "MIT",
     "repository": "https://github.com/microsoft/microsoft-security-devops-azdevops",
     "dependencies": {
-        "@microsoft/security-devops-azdevops-task-lib": "1.7.0-beta.7",
+        "@microsoft/security-devops-azdevops-task-lib": "1.7.0",
         "azure-pipelines-task-lib": "4.3.1",
         "azure-pipelines-tool-lib": "2.0.4"
     },
