-1

We have a requirement to fail the Azure DevOps build pipeline if we get a Component Governance alert on missing license information for that particular build. Is there any PowerShell command to pull the Component Governance build result from the pipeline and fail the build?

  • Component Governance has an API, but it's almost completely undocumented. This is the only published documentation I could find: https://docs.microsoft.com/en-us/rest/api/azure/devops/governance – Patrick Hallisey Dec 04 '20 at 20:55
  • When I dug into the GitHub link at the bottom of that page, then browsed around, I found this folder with some API samples: https://github.com/MicrosoftDocs/vsts-rest-api-specs/tree/master/specification/componentGovernance I don't see anything there for alerts by build, just for settings and snapshots. – Patrick Hallisey Dec 04 '20 at 21:01
  • In our builds, I see an artifact added for component governance. It's a file like `GovCompDisc_Manifest_\d+.json`. But this doesn't contain any alerts. I believe alerts for component governance are all external to the build, i.e. the build reports the packages it uses, then the packages may be marked as problematic at some point. – Patrick Hallisey Dec 04 '20 at 21:04
  • Instead of immediately failing the build, you would probably want a service that, based on alerts from component governance, adjusts the build quality for any build that used the problematic package. – Patrick Hallisey Dec 04 '20 at 21:06

1 Answer

0

When you get a Component Governance alert on missing license information, you could write an error with the following code:

```powershell
# Writes an error to build summary and to log in red text
Write-Host "##vso[task.LogIssue type=error;]This is the error"
```

If you want this error to fail the build, then add this line:

```powershell
# A non-zero exit code makes the script step, and with it the build, fail
exit 1
```
Cece Dong - MSFT
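Added example, not part of the answer above: the same logging command applied to a list of alerts, with one error per component and a single failure at the end. The `$alerts` array is constructed sample data and its property names (`Component`, `Version`, `Type`) are hypothetical, since the page documents no API that returns alerts for a build.

```powershell
# Constructed sample alerts. The property names and values are assumptions for
# illustration; replace this array with whatever alert source you have.
$alerts = @(
    [pscustomobject]@{ Component = 'example-lib-a'; Version = '1.2.0'; Type = 'MissingLicense' }
    [pscustomobject]@{ Component = 'example-lib-b'; Version = '4.0.1'; Type = 'SecurityVulnerability' }
    [pscustomobject]@{ Component = 'example-lib-c'; Version = '0.9.3'; Type = 'MissingLicense' }
)

function Write-MissingLicenseIssues {
    param([object[]]$Alerts)

    # Keep only the alert type this gate cares about.
    $missing = @($Alerts | Where-Object { $_.Type -eq 'MissingLicense' })

    foreach ($alert in $missing) {
        # Package metadata is third-party input: collapse line breaks so each
        # issue stays on the single line that carries the logging command.
        $msg = "Missing license information: $($alert.Component) $($alert.Version)" -replace '[\r\n]+', ' '
        Write-Host "##vso[task.logissue type=error;]$msg"
    }

    # Write-Host does not write to the output stream, so only the count is returned.
    return $missing.Count
}

$count = Write-MissingLicenseIssues -Alerts $alerts

if ($count -gt 0) {
    # Mark the task as failed in the build summary, then fail the step itself.
    Write-Host "##vso[task.complete result=Failed;]$count component(s) without license information"
    exit 1
}
```

With the sample data this logs two errors and exits with code 1; with no `MissingLicense` entries the script ends normally and the step succeeds.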