To add Uleska testing into your Azure Pipelines we suggest you update your pipeline yaml file to include the Uleska CLI. The Uleska CLI can be inserted multiple times into your pipeline, to reflect the various stages where security testing can be applied (e.g. SAST testing just after the build, DAST testing in staging, container testing in container build, etc).
For ease of use, it makes sense to add common CLI arguments into a file or your yaml variables. The variables you use will depend on your setup and how you are testing. See the Uleska CLI documentation for more details.
For example, adding the Uleska Platform hostname, and Application Name, will help with consistency. Depending on your privacy or security setup, you can add the auth token as a variable, or include it as a secret variable.
To then include the Uleska CLI, create a new stage in your Azure Pipeline that will include two tasks. The first task simply instructs the Azure environment to use Python3, and the second task invokes the Uleska CLI.
An example Uleska testing task set is show here:
To break this down:
As we are not passing the '--print_json' flag, this invocation of the Uleska CLI will print the latest results to standard output, which in Azure will then be visible in the job run output for inspection, similar to the following.