After you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your Azure Pipeline.
Integration guide
1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.
2. Create Azure pipeline configuration file
Save your pipeline configuration file into your repo at root folder with filename azure-pipelines.yml.
1 pool:
2 vmImage: 'ubuntu-latest'
3
4 jobs:
5- job: build_and_test
6 displayName: 'AZ Security Scanning'
7 steps:
8 - checkout: self
9 - script: |
10 docker login -u $(DOCKER_USERNAME) -p $(DOCKER_TOKEN)
11 docker pull armourzero/pipe-scan-dev:latest || true
12 docker run -v "$(System.DefaultWorkingDirectory):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$(AZ_TOKEN)" --projectkey="TvIrAgIyArEtYzQhCQtixJRldHGqmMdF" --branch="$(Build.SourceBranch)" --repo="$BUILD_REPOSITORY_NAME" --runEnv="demo"
13 displayName: 'Run Security Test'
14
15
Step 3: Follow this video to Create & configure Pipeline in your Azure Pipeline repository.
Azure DevOps may automatically detect your project and suggest a pipeline configuration. If not, you can choose a pipeline template or configure it manually.
Choose the repository where your project is hosted (GitHub, Bitbucket, GitLab, etc.).
4. Follow this video to Add Pipeline Variables.
In the pipeline settings, go to the "Variables" section. Add two variables named AZ_TOKEN with your ArmorZero API key.
5. Monitor Builds
Navigate to the "Pipelines" section in Azure DevOps. You'll see your pipeline runs with detailed logs and statuses.
Notes:
You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon on the project, select "View Project". Then select Integrate menu.