azure-pipelines/anchore-pipeline.yml

trigger: none
pr: none

pool:
  vmImage: 'ubuntu-latest'

variables:
  WebContainerImageName: eshopwebmvc
  WebContainerDockerfile: $(System.DefaultWorkingDirectory)/Application-Source-Code/src/Web/Dockerfile
  APIContainerImageName: eshoppublicapi
  dockerRegistryEndpoint: 'AzureContainerRegistry-DevSecOps'

stages:
- stage: QualityCheckStage
  displayName: Quality Check Stage
  jobs:
  - job: AnchoreJob
    displayName: Run Anchore Scan
    steps:
    # - template: templates/docker-compose-build.yml

    - script: |
        docker image pull node:19
      displayName: Pull Node Docker Image

    - task: Anchore@0
      displayName: Run Anchore Container Image Scan
      inputs:
        image: docker.io/library/node:19
        # customPolicyPath: '.anchore/policy.json'
        # dockerfile: $(WebContainerDockerfile)
        includeAppPackages: true
        printVulnerabilityReport: true
        failBuild: true
        debug: true

    # - script: |
    #     echo $(policyStatus)

    #     echo $(billOfMaterials)
    #     cat $(billOfMaterials)

    #     echo $(vulnerabilities)
    #     cat $(vulnerabilities)
    #   displayName: Output Scan Results
    #   condition: succeededOrFailed()

    # # Publish the Anchore report as an artifact to Azure Pipelines
    # - task: PublishBuildArtifacts@1
    #   displayName: 'Publish Artifact: Anchore Report'
    #   condition: succeededOrFailed()
    #   inputs:
    #     PathtoPublish: '$(System.DefaultWorkingDirectory)/anchore-reports/'
    #     ArtifactName: AnchoreReport