From 5ed5dea6e53dc0babc5a170e94f571ef32313d29 Mon Sep 17 00:00:00 2001 From: Alexis Grant Date: Thu, 16 Jan 2025 17:43:44 -0800 Subject: [PATCH] Remove variable instructions from main snippet as they are separate now --- .../code_snippets/_azure-semgrep-app-sast.mdx | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/src/components/code_snippets/_azure-semgrep-app-sast.mdx b/src/components/code_snippets/_azure-semgrep-app-sast.mdx index fac4f599c..2bfe189bf 100644 --- a/src/components/code_snippets/_azure-semgrep-app-sast.mdx +++ b/src/components/code_snippets/_azure-semgrep-app-sast.mdx @@ -23,20 +23,3 @@ steps: env: SEMGREP_APP_TOKEN: $(SEMGREP_APP_TOKEN) ``` - -### Setting environment variables in Azure Pipelines - -Semgrep minimally requires setting the variable SEMGREP_APP_TOKEN in order to report results to the platform, and other variables may be helpful as well. - -1. Set up a [variable group](https://learn.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups?view=azure-devops&tabs=classic) called `Semgrep_Variables`. -2. Set `SEMGREP_APP_TOKEN` in the variable group, following the steps for [secret variables](https://learn.microsoft.com/en-us/azure/devops/pipelines/process/set-secret-variables?view=azure-devops&tabs=yaml%2Cbash#set-a-secret-variable-in-a-variable-group). The variable is mapped into the `env` in the provided config. -3. Optional: Add these environment variables to the group if you aren't seeing hyperlinks to the code that generated a finding, or if you are not receiving PR or MR comments. These variables are not sensitive and do not need to be secret variables. Review the use of these variables at [Environment variables for creating hyperlinks in Semgrep AppSec Platform](https://semgrep.dev/docs/semgrep-ci/ci-environment-variables#environment-variables-for-creating-hyperlinks-in-semgrep-appsec-platform). - -* `SEMGREP_REPO_NAME` -* `SEMGREP_REPO_URL` -* `SEMGREP_BRANCH` -* `SEMGREP_COMMIT` -* `SEMGREP_JOB_URL` - -4. Set variables for diff-aware scanning. The provided config sets `SEMGREP_PR_ID` to the system variable `System.PullRequest.PullRequestId` and `SEMGREP_BASELINE_REF` to `origin/master` within the `script` section of the config. The value of `SEMGREP_BASELINE_REF` is typically your trunk or default branch, so if you use a different branch than master, update the name accordingly. as `main` or `master`. - * If you prefer not to implement diff-aware scanning, you can skip setting these variables and remove the `elif` section of the `script` step.