Integrate with Azure Pipelines

Overview

Integrating Bridgecrew with Azure DevOps Pipelines allows you to scan your local Terraform and AzureRM templates as part of your normal CI / CD pipeline (e.g., on each commit, or on each merge) and report any violations to the Bridgecrew console, and, optionally, cause a build to fail.

In Bridgecrew

Get API Token

From Integrations, select API Token and copy the API key. Save the key in a Gitlab environment variable.

In Azure DevOps

  1. Create a new Pipeline or select an existing one.
  2. Add the following steps to your pipeline jobs or stages (depending on your existing configuration) in azure-pipelines.yml.
- task: [email protected]
  inputs:
    versionSpec: '3.8'
  displayName: 'Install Python 3.8'
- script: pip install bridgecrew
  displayName: 'Install the Bridgecrew CLI'
- script: bridgecrew -d <directory> --bc-api-key <key> --repo-id <org/repo> --branch <branch>
  displayName: 'Scan with Bridgecrew'

Arguments:

  • <directory> - the directory containing IaC files to scan.
  • <key> - your Bridgecrew API key obtained earlier.
  • <repo> - the name of the org and repository, as in the value you would use in a git remote URL, e.g. your_org/your_repo.
  • <branch> - the name of the branch being scanned

If you just want to scan the build locally, but skip reporting violations to the Bridgecrew platform, you can omit the key, repo, and branch arguments.

If you want to scan the build but not make the build fail if there are violations, add the --soft-fail option.

An example pipeline for scanning a terraform module and applying it on a successful scan would look like this.

trigger:
  paths:
    include:
      - terraform/*

pool:
  vmImage: 'ubuntu-latest'

steps:
- task: [email protected]
  inputs:
    versionSpec: '3.8'
  displayName: 'Install Python 3.8'
- task: [email protected]
  inputs:
    terraformVersion: 'v0.12.28'
  displayName: 'Install Terraform'
- task: [email protected]
  inputs:
    command: 'init'
    workingDirectory: 'terraform'
    backendType: 'azurerm'
    backendServiceArm: '...'
    backendAzureRmResourceGroupName: '...'
    backendAzureRmStorageAccountName: '...'
    backendAzureRmContainerName: '...'
    backendAzureRmKey: '...'
  displayName: 'terraform init'
- task: [email protected]
  inputs:
    command: 'validate'
    provider: 'azurerm'
    workingDirectory: 'terraform'
  displayName: 'terraform validate'
- script: pip install bridgecrew
  displayName: 'Install the Bridgecrew CLI'
- script: bridgecrew -d terraform --bc-api-key abcd1234 --repo-id my_org/my_repo --branch master
  displayName: 'Scan with Bridgecrew'
- task: [email protected]
  inputs:
    command: 'apply'
    workingDirectory: 'terraform'
    environmentServiceName: '...'
  displayName: 'terraform apply'

Updated about a month ago


Integrate with Azure Pipelines


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.