Update azure-pipelines.yml for Azure Pipelines (#6)

ShiftLeftSecurity · Mar 26, 2020 · f9981e6 · f9981e6
1 parent 1b35f36
commit f9981e6
Showing 1 changed file with 2 additions and 9 deletions.
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -1,8 +1,3 @@
-# Maven
-# Build your Java project and run tests with Apache Maven.
-# Add steps that analyze code, save build artifacts, deploy, and more:
-# https://docs.microsoft.com/azure/devops/pipelines/languages/java
-
 trigger:
 - master
 
@@ -19,8 +14,6 @@ steps:
     jdkArchitectureOption: 'x64'
     publishJUnitResults: false
     goals: 'compile'
-- script: docker pull quay.io/appthreat/sast-scan
-  displayName: "ShiftLeft Scan"
 - script: |
     docker run -e "WORKSPACE=https://github.com/ShiftLeftSecurity/tarpit-java/blob/$(Build.SourceVersion)" \
       -e "REPOSITORY_URL=$(Build.Repository.Uri)" \
@@ -29,11 +22,11 @@ steps:
       -e "BRANCH=$(Build.SourceBranch)" \
       -v $(Build.SourcesDirectory):/app \
       -v $(Build.ArtifactStagingDirectory):/reports \
-      quay.io/appthreat/sast-scan scan --src /app \
+      shiftleft/sast-scan scan --src /app \
       --out_dir /reports/CodeAnalysisLogs
   displayName: "Perform ShiftLeft scan"
   continueOnError: "true"
-# To integrate with the SARIF Azure DevOps Extension it is necessary to publish the CodeAnalysisLogs folder
+# To integrate with the ShiftLeft Scan Extension it is necessary to publish the CodeAnalysisLogs folder
 # as an artifact with the same name
 - task: PublishBuildArtifacts@1
   displayName: "Publish analysis logs"