I need to run snyk scan for Azure container and set it to fail only when there are new vulnerabilities found as compared to previous image
I did follow the snyk-delta document to configure task in azure but the tasks are getting failed.
suggestions are to use snyk cli to scan in the azure pipeline
not sure how to configure it
We want to add snyk-delta scan in out pipeline, add CLI script without using Snyk extension.
any suggestion to do this
Currently, we can use the snyk Security task to scan azure pipeline.
https://docs.snyk.io/integrations/ci-cd-integrations/azure-pipelines-integration/add-the-snyk-security-task-to-your-pipelines
And snyk cli, you can try: https://docs.snyk.io/more-info/getting-started/snyk-integrations/docker/scanning-with-the-docker-cli
Related
I need to install a bunch of artifacts in Azure portal. I accidentally tried to install an artifact that will definitely fail due to some permission etc. Now it fails and blocks any further artifacts to install. Please see the screenshot.
I googled, but only found people talking about deleting already installed artifacts, or how to resolve installing problem so they can go ahead installing that failed artifact again.
But here, this artifact will fail to install anyway, so I have to remove it from the to-be-install list.
How can I remove this artifact from the install list?
I tried to reproduce your scenario on my end and got below results:-
AFAIK, Applying artifacts to the VM is a one time manual process. And once the base Artifacts are applied and they fail, there’s no option for now to delete the failed artifacts as they are already deployed inside the VM OS. You can only inspect the reason behind the failure and create a new VM inside the lab with correct artifacts again. While creating a new VM you can choose to delete/add correct artifacts. Apart from azure Portal even Rest API’s do not yet support deleting applied artifacts from the VM refer below :-
https://learn.microsoft.com/en-us/rest/api/dtl/virtual-machines
Created one VM in the Dev-Test lab and applied Artifacts which failed during creation : -
In Portal there’s no option to delete the failed artifacts for now. But, You can inspect the reason behind the failure like below :-
Or Even find the logs in the Dev-test Lab’s storage account like below :-
You can create a new VM by adding correct artifacts like below :-
Reference :-
Azure DevTest lab VM artifacts - Stack Overflow by Erikson Bahr
I want to automatically deploy artifacts (custom python packages / .whl files) from the Azure DevOps artifact feed to a Synapse spark pool.
Currently I have to manually:
download the .whl file from the artifact feed
upload the .whl file to the synapse workspace
add the package/.whl to the packages of a spark pool (> "Select from workspace packages").
I have so far not found any option to do this as part of a release/pipeline in Azure DevOps or via the AzureCLI and also have not found any documentation on it. I was wondering whether anyone has found a solution concerning automating this step? It is quite cumbersome to have to do it manually.
PS: I already asked this question on the MS forum, but have gotten no official answer yet.
I managed to update the pool spark packages by using both the Download Packages task and the Azure CLI task in the release pipeline on devops.
First use the Download Packages task to download your feed to the pipeline $(System.DefaultWorkingDirectory) then use the Azure CLI to update the sparkpool.
In the Azure CLI task write in the inline command field the two following lines. Use the $(System.DefaultWorkingDirectory) as working directory, also I recommand to check the Use global Azure CLI configuration checkbox.
First command to upload your .whl to the workspace. Here is the doc
az synapse workspace-package upload --workspace-name yourworkspace --package yourpackage.whl
Then upload it to the pool spark. Here is the doc.
az synapse spark pool update --name yourpoolspark --workspace-name yourworkspace --resource-group yourresourcegroupe --package-action Add --package yourpackage.whl
Those two commands will add the package to your workspace and then upload it to the poolspark.
You can achieve the same things with the Azure Powershell task on a Windows agent. Here is the doc to explore : link.
Hope it will help you !
This question already has an answer here:
How to create new build pipeline using Azure DevOps REST API?
(1 answer)
Closed 2 years ago.
I was looking for a solution of creating automation process for creation of pipelines to eliminate all the manual process we do while creating a pipeline in Azure devops portal.
Example:
If i want to deploy my Python based application and it doesn't have any pipelines defined previously. I want to create a pipeline and deploy the app to the Azure server whole process should be done with out manual intervention.
You still need to create somehow your YAML file or use what you have already. Of course you can prepare some templates and reuse them and if you define folder structure for your project and you will keep it then you will minimize yoour manual tasks. Once you have your YAML file defines you can use for instance az cli command:
az pipelines create --name 'Your pipeline name' --description 'Your pipeline description' --repository https://github.com/your-repo --branch master --yml-path your-file-in-repo.yaml --org https://dev.azure.com/your-organizaton --project 'your project'
From what I see this is not possible to use REST API to define YAML pipelines. Please take a look here.
So if you use calssic build it will be possible to use REST API. You can take a look here.
POST https://dev.azure.com/{organization}/{project}/_apis/build/definitions?definitionToCloneId={definitionToCloneId}&definitionToCloneRevision={definitionToCloneRevision}&api-version=5.1
You can for instance indicate here which definition should be cloned as a base for your new build.
I am writing an automated test suite using powershell and the az cli. I need to be able to download the build pipeline artefacts from the last run of the pipeline to install and test the application. The problem is I need to know the run ID to be able to download the artefacts.
az pipelines runs artifact download --artifact-name "*Artifact Name*" --run-id **nnn** --path "c:\temp"
Is there anyway to find the last successful run ID? At present I look it up through the GUI so I know the download works as long as you use PublishPipelineArtifact and not PublishBuildArtifact due to a bug in the az cli.
You can change how azure pipelines creates the run ID and use a predictable format. https://learn.microsoft.com/en-us/azure/devops/pipelines/process/run-number
One way is to use --output json then you can just iterate over the runs and look up the finishTime field:
az pipelines runs list --org $org --project $project --pipeline-ids $pipelineID --output json
I'm sure if you put in enough time there's probably a way using query strings to get latest as well.
I have a problem on my build/release pipeline with Azure Container Reigstry.
I use a Azure Resource Group Deployment task to deploy Azure Container Registry (and other stuff) and it works perfectly.
I have the loginServer, username and password in output variables to reuse it.
Then I want to build and push image to ACR but I can't set the name of the registry (that I get from output variable) with a variable. I have to choose the registry when I setup the definition, but it is not created at this moment.
Is there a way to do this ?
As a workaround, I use the Azure Resource Group Deployment the create the registry and then I send output variables to a powershell script which build, tag and push my images to the registry.
If nobody has a better way, I think I will post a uservoice to change that.
When you say you use an Azure Resource Group Deployment task, are you referring to VSTS?
If you could provide more specific repro steps, I might be more helpful.
I'd also suggest you might take a look at https://aka.ms/acr/build as easy way to natively docker build images with your registry. ACR Build is now available in all regions and simplifies may of the experiences you may be hitting.
Daniel just made this post that helps with the VSTS integration: https://www.danielstechblog.io/building-arm-based-container-images-with-vsts-and-azure-container-registry-build/
Steve
Sorry for the delay, I was off the office.
I just retry to fix my problem and it seems that I can now enter a free text (and so, a release variable) to the VSTS docker task to specify the ACR I just created before with a Azure Resource Group Deployment task.
So no problem anymore.
Thank you for your response, I will take a look to ACR build :)
Bastien