Configure the Extension for Build Pipelines Projects

The Qualys IaC Security extension can be added as a task in your Build pipeline.

You can use the Qualys IaC Security extension as a pre-deployment task in your project pipeline. After you install the extension, it appears as a task that you can add to your pipeline.

Perform the following steps in the task tab:

Click the icon under your agent job and search for Scan IaC templates using Qualys TotalCloud. Click Add to add the extension as a task in the build pipeline.

Add task under a job

Click the task under the agent job to configure the extension.

Configure task

After entering the display name, you must provide the IaC scan service endpoint to connect to TotalCloud APIs. You can use the preconfigured IaC scan service endpoint or configure a new one.

Click New next to the IaC Scan service/server endpoint field to configure a new service endpoint.

Configure new service connection

Enter the Qualys platform URL, Username, and Password in the New service connection screen. Provide a Service connection name and click Save. Once added, the service endpoint is listed in the IaC Scan service or server endpoint drop-down field.

The Qualys platform URL that you use here depends on the Qualys platform your organization is using. To identify the platform URL, refer to Identify your Qualys platform.

If your Azure DevOps instance does not have direct Internet access and requires a proxy, click the Use Proxy check box, and enter the proxy server information.

Launch Scan API Parameters

In the Launch Scan API Parameters, provide a scan name and the file path or directory you want to scan.

Scan API parameters

The Scan Name is populated automatically. By default, the scan name is $(DefinitionName)_azureDevOps_$(ID). However, you can update the scan name.

Enter the file name or directory path to be scanned. If you do not specify the path, the entire repository is scanned.

By default, .tf, .yaml, .yml, .json, and .template files in the directory are scanned. If you want to scan a compressed file, add the path and name of the compressed file, for example, a .zip, .7z, .tar, .tar.gz, or .gz file.

Build Failure Conditions

Configure the criteria to fail a build job based on the number of failed controls for each severity.

Build failure conditions

The build fails if the number of failed controls exceeds the specified number for one or more severity types in scan results.
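The threshold rule above, worked through as an added example (not Qualys code or the extension's implementation). The record fields, severity labels, and function names are assumptions; the point is that a failed count equal to the limit still passes, while a limit of 0 fails the build on the first failed control of that severity.

```python
from collections import Counter

# Constructed sample: one record per evaluated control. Field names and
# severity labels are assumptions, not the Qualys scan result schema.
SAMPLE_RESULTS = [
    {"control": "C-1", "severity": "HIGH", "result": "FAILED"},
    {"control": "C-2", "severity": "HIGH", "result": "PASSED"},
    {"control": "C-3", "severity": "MEDIUM", "result": "FAILED"},
    {"control": "C-4", "severity": "MEDIUM", "result": "FAILED"},
    {"control": "C-5", "severity": "LOW", "result": "FAILED"},
]


def failed_by_severity(results):
    """Count failed controls per severity label."""
    return Counter(r["severity"] for r in results if r["result"] == "FAILED")


def breached_severities(results, limits):
    """Return {severity: (failed, limit)} for each severity whose failed
    count exceeds its configured limit. A count equal to the limit passes."""
    failed = failed_by_severity(results)
    return {
        sev: (failed[sev], limit)
        for sev, limit in limits.items()
        if failed[sev] > limit
    }


def gate(results, limits):
    """Return (build_ok, messages); one breached severity fails the build."""
    breaches = breached_severities(results, limits)
    messages = [
        f"{sev}: {count} failed controls exceeds limit {limit}"
        for sev, (count, limit) in sorted(breaches.items())
    ]
    return (not breaches, messages)


if __name__ == "__main__":
    ok, msgs = gate(SAMPLE_RESULTS, {"HIGH": 0, "MEDIUM": 2, "LOW": 5})
    print("PASS" if ok else "FAIL", msgs)
```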

Timeout Settings

In the Timeout settings, specify the polling frequency in seconds for collecting the IaC scan result data. By default, it is set to 30 seconds.

We recommend you set this value to a minimum of 10 seconds.

You can also specify the timeout duration for a running scan. By default, it is set to 10 minutes.

Timeout settings

Save the configuration and click Queue to run the pipeline.

Next step:

Qualys IaC Scan Result