We have a requirement to fail the azure devops Build pipeline if you get a Component goverance alert om missing license information on that particular build. Is there any powersehll command topull the component goveranace build result from pipeline and fail the build
Asked
Active
Viewed 83 times
-1
-
Component Governance has an API, but it's almost completely undocumented. This is the only published documentation I could find: https://docs.microsoft.com/en-us/rest/api/azure/devops/governance – Patrick Hallisey Dec 04 '20 at 20:55
-
When I dug into the GitHub link at the bottom of that page, then browse around, I found this folder with some api samples: https://github.com/MicrosoftDocs/vsts-rest-api-specs/tree/master/specification/componentGovernance I don't see anything there for alerts by build, just for settings and snapshots. – Patrick Hallisey Dec 04 '20 at 21:01
-
In our builds, I see an artifact added for component governance. It's a file like `GovCompDisc_Manifest_\d+.json`. But his doesn't contain any alerts. I believe Alerts for component governance are all external to the build, i.e. the build reports the packages it uses, then the packages may be marked as problematic at some point. – Patrick Hallisey Dec 04 '20 at 21:04
-
Instead of immediately failing the build, you would probably want a service that, based on alerts from component governance, adjusts the build quality for any build that used the problematic package. – Patrick Hallisey Dec 04 '20 at 21:06
1 Answers
0
When you get a Component goverance alert om missing license information, you could write an error with the following code:
# Writes an error to build summary and to log in red text
Write-Host "##vso[task.LogIssue type=error;]This is the error"
If you want this error to fail the build, then add this line:
exit 1
![](../../users/profiles/5425825.webp)
Cece Dong - MSFT
- 25,734
- 1
- 13
- 30
-
-
But issue is like in the from component governance output there is no specific word to filter the license missing alert... – Rahulan Payanat Dec 01 '20 at 12:02
-
How did you fetch the Component Governance result in powershell locally? This part seems out of DevOps's scope. – Cece Dong - MSFT Dec 02 '20 at 09:50
-
I seems like the question is more about getting results from Component Governance than about the mechanics of failing a build. – Patrick Hallisey Dec 04 '20 at 20:49
-
Component Governance is in DevOps scope. It's just really poorly documented. – Patrick Hallisey Dec 04 '20 at 20:52