perform scans on azure pipeline

GabrielVasilescu04 · GabrielVasilescu04 · commit f1c3fffb0b67 · 2025-10-09T11:48:32.000+03:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,12 +9,6 @@ on:
   pull_request:
     branches:
       - main
-  workflow_dispatch:
-    inputs:
-      run_security_scans:
-        description: 'Run FOSSA and CODEQL scans'
-        required: false
-        default: 'false'
 
 jobs:
   commit-lint:
@@ -29,8 +23,4 @@ jobs:
     secrets:
       UIPATH_URL: ${{ secrets.UIPATH_URL }}
       UIPATH_CLIENT_ID: ${{ secrets.UIPATH_CLIENT_ID }}
-      UIPATH_CLIENT_SECRET: ${{ secrets.UIPATH_CLIENT_SECRET }}
-
-  security-scans:
-    if:  github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.run_security_scans =='true')
-    uses: ./.github/workflows/security-scans.yml
+      UIPATH_CLIENT_SECRET: ${{ secrets.UIPATH_CLIENT_SECRET }}
diff --git a/.github/workflows/security-scans.yml b/.github/workflows/security-scans.yml
diff --git a/.pipelines/security-scans.yml b/.pipelines/security-scans.yml
@@ -0,0 +1,48 @@
+trigger:
+    branches:
+      include:
+        - main
+        - chore/add-security-scans
+
+resources:
+  repositories:
+    - repository: codeql
+      type: github
+      name: UiPath/AzurePipelinesTemplates
+      ref: refs/tags/uipath.security.codeql.1.9.5
+      endpoint: UiPath
+    - repository: fossa
+      type: github
+      name: UiPath/AzurePipelinesTemplates
+      ref: refs/tags/uipath.security.fossa.3.0.13
+      endpoint: UiPath
+
+variables:
+  - template: ./variables.yml
+
+stages:
+  - stage: FOSSA
+    dependsOn: []
+    jobs:
+      - job: FOSSA
+        steps:
+          - template: Security/fossa.steps.yml@fossa
+            parameters:
+              OS: linux
+              azureSubscription: $(azureInternalProductionEaConnectionName)
+              FOSSAFlags: '--project "uipath-langchain-python" --branch "$(Build.SourceBranch)" --revision "$(Build.SourceVersion)-$(Build.BuildId)"'
+              FOSSATestFlags: '--project "uipath-langchain-python" --revision "$(Build.SourceVersion)-$(Build.BuildId)"'
+              ${{ if contains(variables['Build.SourceBranch'], 'main') }}:
+                publishSecurityReports: true
+
+
+  - stage: CODEQL
+    dependsOn: []
+    jobs:
+      - job: CODEQL
+        steps:
+          - template: Security/codeql.interpreted.steps.yml@codeql
+            parameters:
+              os: 'linux64'
+              language: 'python'
+              azureSubscription: $(azureInternalProductionEaConnectionName)
diff --git a/.pipelines/variables.yml b/.pipelines/variables.yml
@@ -0,0 +1,2 @@
+variables:
+  azureInternalProductionEaConnectionName: Internal-Production-EA

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+variables:`
	`2`	`+ azureInternalProductionEaConnectionName: Internal-Production-EA`