Getting started with the Publish Security Analysis Logs build task

The Publish Security Analysis Logs build task enables customer to preserve secure static analysis log files from the build. The customer can choose between publishing artifacts to the Azure DevOps server, which are stored in Azure DevOps as a zip file, and publishing (copying) the files to a file share that is accessible from a private build agent.

Prerequisites:

1. You are using the Azure DevOps Build system.
2. The Microsoft Security Code Analysis Extension installed in your account.
3. At least one SecDevTools secure static analysis tool runs in the given build definition.

Setup:

1. Open your team project from your Azure DevOps Account.
2. Navigate to the Build tab under Build and Release
3. Select the Build Definition into which you wish to add the build task.
  • New - Click New and follow the steps detailed to create a new Build Definition.
  • Edit - Select the Build Definition. On the subsequent page, click Edit to begin editing the Build Definition.
4. Click + to navigate to the Add Tasks pane.
5. Find the Publish Security Analysis Log Files build task either from the list or using the search box and then click Add.
6. The Publish Security Analysis Logs build task should now be a part of the Build Definition. Add it after the publishing steps for your build artifacts.

Customizing the Publish Security Analysis Logs Build Task:

1. Click the Publish Security Analysis Logs task to see the different options available.
2. Choose Artifact name (any String Identifier)
3. Choose Artifact Type - you can publish logs to the Azure DevOps server or to a file share thatr is accessible to the build agent.
4. Tools - You can choose to preserve logs for individual/specific tools, or select "All Tools" to preserve all logs.

Microsoft Corporation 2017