prombouts/kics-pipeline.yml

## kics-pipeline.yml
###
# Example Azure DevOps pipeline accompanying blogpost: https://peterrombouts.nl/2021/05/13/static-code-analysis-of-infrastructure-as-code/
# Tested up until Kics.io version 1.4.9
###

trigger:
- none

pool:
  vmImage: 'ubuntu-20.04'

stages:
- stage: kics
  displayName: kics

  jobs:
  - job: runKics
    displayName: runKics
    steps:
      - script: |
          get_latest_kics_release() {
            curl --silent "https://api.github.com/repos/Checkmarx/kics/releases/latest" | jq -r .tag_name
          }

          OS=$(uname -s)
          LATEST_TAG=$(get_latest_kics_release)
          LATEST_VERSION=${LATEST_TAG#v}
          PACKAGE_NAME=kics_${LATEST_VERSION}_${OS}_x64.tar.gz
          TARGET_DIR=/home/vsts/kics

          mkdir -p ${TARGET_DIR}
          wget -q -c https://github.com/Checkmarx/kics/releases/download/${LATEST_TAG}/${PACKAGE_NAME} -O - | tar -xz -C ${TARGET_DIR}
          echo '--- START SCANNING $(PWD) ---'
          ${TARGET_DIR}/kics scan --no-progress -p $(PWD) -o $(PWD)

          TOTAL_SEVERITY_COUNTER=`jq -r .total_counter $(PWD)/results.json`
          SEVERITY_COUNTER_HIGH=`jq -r .severity_counters.HIGH $(PWD)/results.json`
          SEVERITY_COUNTER_MEDIUM=`jq -r .severity_counters.MEDIUM $(PWD)/results.json`
          SEVERITY_COUNTER_LOW=`jq -r .severity_counters.LOW $(PWD)/results.json`
          SEVERITY_COUNTER_INFO=`jq -r .severity_counters.INFO $(PWD)/results.json`
          echo "TOTAL SEVERITY COUNTER $TOTAL_SEVERITY_COUNTER"

          if [ "$SEVERITY_COUNTER_HIGH" -ge "1" ]; then
            echo "##vso[task.logissue type=error;]Please fix all $SEVERITY_COUNTER_HIGH HIGH SEVERITY COUNTERS";
            exit 1;
          fi

          if [ "$TOTAL_SEVERITY_COUNTER" -ge "1" ]; then
            echo "##vso[task.logissue type=warning;]Please review the output json for $TOTAL_SEVERITY_COUNTER issues";
          fi
	###
	# Example Azure DevOps pipeline accompanying blogpost: https://peterrombouts.nl/2021/05/13/static-code-analysis-of-infrastructure-as-code/
	# Tested up until Kics.io version 1.4.9
	###

	trigger:
	- none

	pool:
	vmImage: 'ubuntu-20.04'

	stages:
	- stage: kics
	displayName: kics

	jobs:
	- job: runKics
	displayName: runKics
	steps:
	- script: \|
	get_latest_kics_release() {
	curl --silent "https://api.github.com/repos/Checkmarx/kics/releases/latest" \| jq -r .tag_name
	}

	OS=$(uname -s)
	LATEST_TAG=$(get_latest_kics_release)
	LATEST_VERSION=${LATEST_TAG#v}
	PACKAGE_NAME=kics_${LATEST_VERSION}_${OS}_x64.tar.gz
	TARGET_DIR=/home/vsts/kics

	mkdir -p ${TARGET_DIR}
	wget -q -c https://github.com/Checkmarx/kics/releases/download/${LATEST_TAG}/${PACKAGE_NAME} -O - \| tar -xz -C ${TARGET_DIR}
	echo '--- START SCANNING $(PWD) ---'
	${TARGET_DIR}/kics scan --no-progress -p $(PWD) -o $(PWD)

	TOTAL_SEVERITY_COUNTER=`jq -r .total_counter $(PWD)/results.json`
	SEVERITY_COUNTER_HIGH=`jq -r .severity_counters.HIGH $(PWD)/results.json`
	SEVERITY_COUNTER_MEDIUM=`jq -r .severity_counters.MEDIUM $(PWD)/results.json`
	SEVERITY_COUNTER_LOW=`jq -r .severity_counters.LOW $(PWD)/results.json`
	SEVERITY_COUNTER_INFO=`jq -r .severity_counters.INFO $(PWD)/results.json`
	echo "TOTAL SEVERITY COUNTER $TOTAL_SEVERITY_COUNTER"

	if [ "$SEVERITY_COUNTER_HIGH" -ge "1" ]; then
	echo "##vso[task.logissue type=error;]Please fix all $SEVERITY_COUNTER_HIGH HIGH SEVERITY COUNTERS";
	exit 1;
	fi

	if [ "$TOTAL_SEVERITY_COUNTER" -ge "1" ]; then
	echo "##vso[task.logissue type=warning;]Please review the output json for $TOTAL_SEVERITY_COUNTER issues";
	fi