Skip to content

Commit

Permalink
[ci] Use managed identity for API scan. (#866)
Browse files Browse the repository at this point in the history 
Configures a new [managed identity][0] (MSI) for API Scan, which
allows us to enable a more modern authentication approach when running
API Scan on the `MAUI-1ESPT` agent pool.

A new `$(ApiScanMAUI1ESPTManagedId)` variable has been configured in the
pipeline settings to pass the app ID for this MSI to the API Scan task.

[0]: https://ms.portal.azure.com/#@microsoft.onmicrosoft.com/resource/subscriptions/cd4829e2-e38b-43d2-8316-2f2009f36f97/resourcegroups/1esobjects/providers/microsoft.managedidentity/userassignedidentities/maui1esptapiscanidentity/overview
  • Loading branch information
@jpobst
jpobst authored Mar 27, 2024
1 parent 898d0d1 commit 94bea5d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion build/ci/api-scan.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ steps:
toolVersion: Latest
condition: and(succeeded(), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
env:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanMAUI1ESPTManagedId)

- task: SdtReport@2
displayName: Guardian Export - Security Report
Expand Down

0 comments on commit 94bea5d

Please sign in to comment.