The following guide walks through how to set up Azure Pipelines to run both SCA and SAST scans.
  1. Choose New pipeline in the upper right-hand corner.
  2. Choose the appropriate repo type and select the desired repository.
  3. Choose Starter pipeline.
    • Access the YAML pipeline editor within Azure Pipelines by following the YAML pipeline editor guide.
  4. Copy the relevant code snippet provided below into the Azure Pipelines YAML editor.
```yaml
# SLS Scan pipeline

trigger: none # Define desired triggers.

pool:
  vmImage: ubuntu-latest

steps:
- task: Docker@2
  displayName: Login to ACR
  inputs:
    command: login
    containerRegistry: <insert registry service connection>
- script: |
    # SCA Scan
    docker pull tauruseer.azurecr.io/sca-scanner-pipeline:latest
    docker run -v $(pwd):/source tauruseer.azurecr.io/sca-scanner-pipeline:latest --scan-key=${SLS_SCAN_KEY}
    # SAST Scan
    docker pull tauruseer.azurecr.io/sast-scanner-pipeline:latest
    docker run -v $(pwd):/source tauruseer.azurecr.io/sast-scanner-pipeline:latest --scan-key=${SLS_SCAN_KEY}
  displayName: 'Run a SLS scan'
  env:
    SLS_SCAN_KEY: $(SLS_SCAN_KEY)
```
  5. Configure secrets for the following under Variables:
    • SLS_CLIENT_ID & SLS_CLIENT_SECRET - Used to authenticate to Azure Container Registry; provided by SLS.
    • SLS_SCAN_KEY - Can be found under Product Data Sources -> Start Left Scanner -> Scan Key (it is also available on the Asset details page). The job passes SLS_SCAN_KEY to the scanner as an environment variable, taken from a secret Pipeline Variable. See the Azure DevOps documentation for more information on adding a secret Pipeline Variable.
  6. Save the code snippet.
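
An added example, not part of the original guide or SLS's own tooling: a fail-closed body for the script step. It refuses to run when `SLS_SCAN_KEY` is empty or still the literal `$(SLS_SCAN_KEY)` (Azure Pipelines leaves an undefined macro unexpanded), and it runs both scanners while returning non-zero if either fails, since a shell script without `set -e` reports only its last command's status. The function names and `SLS_SOURCE_DIR` are assumptions; the registry, image names and `--scan-key` flag are the ones in the snippet above.

```shell
#!/usr/bin/env bash
# Added example: fail-closed wrapper for the two scanner containers.
# Function names and SLS_SOURCE_DIR are hypothetical; the registry and
# image names are taken from the pipeline snippet in this guide.

REGISTRY="tauruseer.azurecr.io"

# Reject a key that is empty or still the unexpanded Azure Pipelines macro,
# which is what the step receives when the pipeline variable is not defined.
scan_key_ok() {
  case "${SLS_SCAN_KEY:-}" in
    '' | '$('*')') return 1 ;;
    *) return 0 ;;
  esac
}

# Pull and run one scanner image against the checked-out sources.
run_scanner() {
  image="$REGISTRY/$1:latest"
  docker pull "$image" &&
    docker run -v "${SLS_SOURCE_DIR:-$PWD}:/source" "$image" \
      --scan-key="$SLS_SCAN_KEY"
}

# Run both scans even if the first one fails; return 2 for a bad key,
# 1 if either scanner exited non-zero, 0 otherwise.
run_scans() {
  if ! scan_key_ok; then
    echo "SLS_SCAN_KEY is empty or unexpanded; define the secret variable" >&2
    return 2
  fi
  failed=0
  for scanner in sca-scanner-pipeline sast-scanner-pipeline; do
    if ! run_scanner "$scanner"; then
      echo "scan failed: $scanner" >&2
      failed=1
    fi
  done
  return "$failed"
}

# Execute only when invoked with --run, e.g. `bash sls_scan.sh --run`.
if [ "${1:-}" = "--run" ]; then
  run_scans
fi
```

In the pipeline, paste the functions into the `script:` block and end it with a call to `run_scans` so the step's result reflects both scans.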