We are using Azuredevops Jfrog tasks to build our mvn/npm/gradle projectes and, using the below jfrog publish buildinfo and scan task to get the violation list. But as part of the same pipleine , we are planning for automated way (either by script or azuredevops task) to create a report in xray by including the pipeline used "sourceRepo" and the build socope of the same pipleine.
Tried the XRAY api options, but failed to to generate it dynamically as part of the pipeline with these dynamic scopes.
- task: JFrogPublishBuildInfo@1
name: publishBInfo
displayName: 'Publish Build Info to JFrog'
condition: succeeded()
inputs:
artifactoryConnection: 'myserviceconnection'
buildName: '$(Build.DefinitionName)'
buildNumber: '$(Build.BuildNumber)'
- task: JFrogBuildScan@1
enabled: false
name: xrayScan
displayName: 'Security Scan'
condition: succeeded()
inputs:
xrayConnection: 'myserviceconnection'
buildName: '$(Build.DefinitionName)'
buildNumber: '$(Build.BuildNumber)'
allowFailBuild: true
vuln: true
