How to scan local builds using JFrog Xray - visual-studio

We have Artifactory and Xray for our developers and we have Azure DevOps pipelines integrated with these tools where the builds are scanned for each pipeline execution.
But when developers are doing local builds from their development workstations they also need to be scanned before merging to the repos in ADO.
So we are looking for some possibility where the developers are able to connect to Xray from their IDE client itself.
They are using IDEs like Visual Studio and Visual Studio Code, and need to run local builds of NuGet, Maven, Gradle, Android, iOS, Node...
Can anyone suggest how this can be achieved from IDEs or CLIs (like JFrog CLI, Git Bash, etc.)?

You can use the JFrog VS Code Extension which allows you to scan project dependencies using JFrog Xray in VS Code.
It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in their VS Code IDE. The extension also allows developers to track the status of the code while it is being built, tested and scanned on the CI server.

Related

XXXX is not compatible with monoandroid10.0

I have a Xamarin project that builds just fine on my local machine but is not building on the Azure server. Has anyone seen this before?
##[error]The nuget command failed with exit code(1) and error(NU1201: Project XXX.XXXX.XXXXX is not compatible with monoandroid10.0 (MonoAndroid,Version=v10.0). Project XXX.XXXX.XXXXX supports: netstandard2.1 (.NETStandard,Version=v2.1)
Upgrade your nuget version to 5.8 and this will all go away :)
If you use Azure Pipelines to build and deploy Xamarin apps, please refer to this doc. If you use a Microsoft-hosted agent, its build environment is different from your local machine; for example, it may lack some software or have different software versions installed. You can see the installed software for each hosted agent by choosing the Included Software link in the table.
For your issue, please check which NuGet version you use to build this project locally, and then use the NuGet Tool Installer task in the Azure pipeline to specify this NuGet version (maybe 5.8.0 works for your issue, as Mouse commented) to build your project with the Microsoft-hosted agent.
You could also deploy a local self-hosted Windows agent and use it in the Azure pipeline to build your project, which will use your local build environment.
BTW, you could refer to this doc: Review logs to diagnose pipeline issues, for initial troubleshooting steps when you encounter pipeline issues.

Sonarqube and code testing

I want to run SonarQube testing on my SonarQube server and want to see the test result (test report) from my client machine without touching the server.
How can I do that when multiple developers will push their code to test on the Sonar server and need to see the test result from their local machines?
There is the http://www.sonarlint.org/ plugin available for Eclipse, IntelliJ IDEA and Visual Studio. The plugins for the first two IDEs support Java, JavaScript and PHP; the plugin for Visual Studio supports .NET code.
All three offer the Connected Mode which can "establish a connection to a SonarQube server (4.5.4+) and bind your [...] project to a SonarQube project."
This might help you depending on your development environment.

Third party tools in Visual Studio Team Services Continuous Integration

I am planning to move from TeamCity to Visual Studio Team Services CI builds (mainly to avoid having to run and manage a server for TeamCity, version control repository, etc.).
My TeamCity build uses a third party obfuscator, called Crypto Obfuscator for obfuscating code when it is built. I have searched through all available documentation online but cannot find out if Team Services lets you somehow install and use third party tools in CI builds.
If not, is there any way obfuscation can be introduced in Team Services CI builds?
Thanks for your time.
The new build system is task-based -- you can either write a custom task and upload it to Team Services, or just call the appropriate command-line utilities on your build server.
If you're using a hosted build server, you'll have no ability to install third-party tools.
The Team Services build service (build server hosted by Microsoft) is not for you. You won't be able to run the obfuscation program you have.
But you can use your own Build server, connect it to Team Services and keep your MSBuild script.

Visual Studio Online, GitHub, Jira, Octopus Deploy

We are looking at using Visual Studio Online in an environment with multiple development partners that support a myriad number of systems. Across these partners, each one of them uses their own source control; however, we are looking at a model that commits code into a repository managed by us.
As part of this, we are looking to support partners that use toolsets such as GitHub, Jira, Bamboo, TeamCity, Octopus Deploy, etc.
Does Visual Studio Online natively integrate with all of these?
When using Visual Studio Online, do accounts need to be set up with each of these services, e.g. GitHub?
Will Visual Studio Online support all IDEs e.g. Eclipse, Xcode, etc?
What other considerations do we need to consider e.g. latency, local copies (should connectivity be lost), etc?
If upgrading from Team Foundation Server 2010 to Visual Studio Online, what other considerations do we have to take onboard?
For the purposes of continuous integration & deployment, does Visual Studio Online support this natively?
If there is no native support for Jira for example, are there similar native features available with Visual Studio Online?
If you want integration with GitHub, then the first requirement would be to use Git as your VCS. This also requires you to use Team Foundation Server 2013 (or later) if you want to host it yourself, as earlier versions don’t support Git.
Once you use Git, you can indeed access the repository from VSO with other clients, as it provides a normal Git interface which all Git tooling options can talk to. And you also get the benefits of Git as a DVCS, so you can use it completely offline.
If you want to use other online services (e.g. GitHub), then of course you do need accounts for those services. VSO is something separate on its own.
As for features of VSO, you need to know that it’s technically a Team Foundation Server, so it comes with a range of included tools. For example, issue management, a build server with continuous integration, a team chat room, etc. So you may not need other services.
Visual Studio Online (now Visual Studio Team Services) supports Eclipse, IntelliJ, your favorite Java IDE, Xcode, Visual Studio, or any editor/IDE you like.

Migrate TFS 2008 to Visual studio online? (on build and security)

We use on-premise TFS 2008 for source safe and build engine. The build script is heavily customized with MSBuild scripts. Developers use Active Directory to authenticate, then queue a build.
We are looking to move to Visual Studio Online. Questions:
- The big concern is the build script; we don't really want to rewrite it. Is it possible to use the current MSBuild project in the VSO build process?
- For authentication, how do we integrate the on-premise AD with VSO? How do we migrate the existing security project settings to VSO?
Ok, so the answer to all of your questions is maybe 😊.
You can continue to use your on-premises build server with VSO. If you upgrade your agents to TF Build 2010 or 2013 servers you can plug them into VSO and build in the same way.
You may be able to use the cloud build agents if you don't need custom things installed on the build agents to compile. Probably best to stick with local agents for now.
For AD you can configure an Azure Active Directory (AAD) and wire it up to VSO. There is then a connector to sync your local AD with AAD (very easy) and enable single sign-on. There are fiddly bits but it is mostly straightforward.
http://nakedalm.com/use-corporate-identities-existing-vso-accounts/
I enabled it for my account but without the local AD sync as I don't have one.
I have a few customers that are on VSO and sync their local AD with AAD and are very happy.
