diff --git a/action.yml b/action.yml
index 9bf8334..ed76e53 100644
--- a/action.yml
+++ b/action.yml
@@ -20,6 +20,10 @@ inputs:
 description: A comma separated list of analyzer to run. Example bandit, binskim, container-mapping, eslint, templateanalyzer, terrascan, trivy.
 includeTools:
 description: Deprecated
+ subscriptionId:
+ description: The Azure Subscription ID to include in MSDO CLI telemetry for correlation with Defender for Cloud.
+ tenantId:
+ description: The Azure Tenant ID to include in MSDO CLI telemetry for correlation with Defender for Cloud.
 existingFilename:
 description: A SARIF filename that already exists. If it does, then the normal run will not take place and the file will instead be uploaded to MSDO backend.
 outputs:
diff --git a/lib/msdo.js b/lib/msdo.js
index e15b453..f6374b4 100644
--- a/lib/msdo.js
+++ b/lib/msdo.js
@@ -34,6 +34,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MicrosoftSecurityDevOps = void 0;
 const core = __importStar(require("@actions/core"));
+const exec = __importStar(require("@actions/exec"));
 const msdo_helpers_1 = require("./msdo-helpers");
 const client = __importStar(require("@microsoft/security-devops-actions-toolkit/msdo-client"));
 const common = __importStar(require("@microsoft/security-devops-actions-toolkit/msdo-common"));
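Review bot: The two new input descriptions do not say that the values are optional and, when omitted, are taken from `AZURE_SUBSCRIPTION_ID`/`AZURE_TENANT_ID` or from `az account show` when the Azure CLI is logged in, which is the behaviour the accompanying src/msdo.ts change implements. I would extend each description, e.g. `description: The Azure Subscription ID to include in MSDO CLI telemetry for correlation with Defender for Cloud. Optional; falls back to the AZURE_SUBSCRIPTION_ID environment variable, then to the current Azure CLI account.` and the equivalent for tenantId. If the file's other inputs declare `required: false`, adding it to both new inputs would also make the optionality explicit to the action schema.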
@@ -112,6 +113,41 @@ class MicrosoftSecurityDevOps {
 }
 args.push('--github');
 }
+ let subscriptionId = core.getInput('subscriptionId');
+ let tenantId = core.getInput('tenantId');
+ if (common.isNullOrWhiteSpace(subscriptionId)) {
+ subscriptionId = process.env.AZURE_SUBSCRIPTION_ID || '';
+ }
+ if (common.isNullOrWhiteSpace(tenantId)) {
+ tenantId = process.env.AZURE_TENANT_ID || '';
+ }
+ if (common.isNullOrWhiteSpace(subscriptionId) || common.isNullOrWhiteSpace(tenantId)) {
+ try {
+ let azOutput = yield exec.getExecOutput('az account show --query "{tenantId:tenantId,id:id}" -o json', [], { silent: true, ignoreReturnCode: true });
+ if (azOutput.exitCode === 0) {
+ let account = JSON.parse(azOutput.stdout.trim());
+ if (common.isNullOrWhiteSpace(subscriptionId) && account.id) {
+ subscriptionId = account.id;
+ core.debug(`Auto-inferred subscriptionId from Azure CLI`);
+ }
+ if (common.isNullOrWhiteSpace(tenantId) && account.tenantId) {
+ tenantId = account.tenantId;
+ core.debug(`Auto-inferred tenantId from Azure CLI`);
+ }
+ }
+ }
+ catch (_a) {
+ core.debug('Azure CLI not available for auto-inference of subscriptionId/tenantId');
+ }
+ }
+ if (!common.isNullOrWhiteSpace(subscriptionId)) {
+ process.env.MSDO_SUBSCRIPTIONID = subscriptionId.trim();
+ process.env.MSDO_AGENTLESS_SUBSCRIPTION_ID = subscriptionId.trim();
+ }
+ if (!common.isNullOrWhiteSpace(tenantId)) {
+ process.env.MSDO_TENANTID = tenantId.trim();
+ process.env.MSDO_AGENTLESS_TENANT_ID = tenantId.trim();
+ }
 yield client.run(args, 'microsoft/security-devops-action');
 });
 }
diff --git a/src/msdo.ts b/src/msdo.ts
index c95399c..56ca14f 100644
--- a/src/msdo.ts
+++ b/src/msdo.ts
@@ -1,4 +1,5 @@
 import * as core from '@actions/core';
+import * as exec from '@actions/exec';
 import { IMicrosoftSecurityDevOps } from './msdo-interface';
 import { Tools } from './msdo-helpers';
 import * as client from '@microsoft/security-devops-actions-toolkit/msdo-client';
@@ -97,6 +98,51 @@ export class MicrosoftSecurityDevOps implements IMicrosoftSecurityDevOps {
 args.push('--github');
 }
 
+ let subscriptionId: string = core.getInput('subscriptionId');
+ let tenantId: string = core.getInput('tenantId');
+
+ // Auto-infer from common Azure env vars if not explicitly provided
+ if (common.isNullOrWhiteSpace(subscriptionId)) {
+ subscriptionId = process.env.AZURE_SUBSCRIPTION_ID || '';
+ }
+ if (common.isNullOrWhiteSpace(tenantId)) {
+ tenantId = process.env.AZURE_TENANT_ID || '';
+ }
+
+ // Auto-infer from Azure CLI if still not available (e.g., after azure/login)
+ if (common.isNullOrWhiteSpace(subscriptionId) || common.isNullOrWhiteSpace(tenantId)) {
+ try {
+ let azOutput = await exec.getExecOutput(
+ 'az account show --query "{tenantId:tenantId,id:id}" -o json',
+ [],
+ { silent: true, ignoreReturnCode: true }
+ );
+ if (azOutput.exitCode === 0) {
+ let account = JSON.parse(azOutput.stdout.trim());
+ if (common.isNullOrWhiteSpace(subscriptionId) && account.id) {
+ subscriptionId = account.id;
+ core.debug(`Auto-inferred subscriptionId from Azure CLI`);
+ }
+ if (common.isNullOrWhiteSpace(tenantId) && account.tenantId) {
+ tenantId = account.tenantId;
+ core.debug(`Auto-inferred tenantId from Azure CLI`);
+ }
+ }
+ } catch {
+ core.debug('Azure CLI not available for auto-inference of subscriptionId/tenantId');
+ }
+ }
+
+ if (!common.isNullOrWhiteSpace(subscriptionId)) {
+ process.env.MSDO_SUBSCRIPTIONID = subscriptionId.trim();
+ process.env.MSDO_AGENTLESS_SUBSCRIPTION_ID = subscriptionId.trim();
+ }
+
+ if (!common.isNullOrWhiteSpace(tenantId)) {
+ process.env.MSDO_TENANTID = tenantId.trim();
+ process.env.MSDO_AGENTLESS_TENANT_ID = tenantId.trim();
+ }
+
 await client.run(args, 'microsoft/security-devops-action');
 }
 }
\ No newline at end of file
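Review bot: The `catch` around the `az account show` block reports every failure as "Azure CLI not available", but it also swallows a `JSON.parse` failure on non-JSON stdout, and `account` is the `any` that `JSON.parse` returns, so a non-string `id` or `tenantId` would pass the truthiness check, be assigned into the `string`-typed locals, and only fail later at the `.trim()` calls below, outside the try. I would parse into `unknown`, accept only string fields, log the real error in the catch, and pass the command as `'az'` plus an argv array, which is the documented form and avoids relying on the command-line re-parsing of the quoted `--query` argument; the change is sketched below. lib/msdo.js carries the same block and should be regenerated from this source rather than patched by hand. The MSDO_* variables are assigned unconditionally, so a value a workflow already set via `env:` is overwritten whenever an input or inference yields one; if that is intended, a one-line comment stating the precedence (input, then AZURE_* env, then Azure CLI) would save the next reader from guessing. The enclosing method starts outside the hunk.
```typescript
// … unchanged: input and AZURE_* env-var fallback …
if (common.isNullOrWhiteSpace(subscriptionId) || common.isNullOrWhiteSpace(tenantId)) {
    try {
        const azOutput = await exec.getExecOutput(
            'az',
            ['account', 'show', '--query', '{tenantId:tenantId,id:id}', '-o', 'json'],
            { silent: true, ignoreReturnCode: true }
        );
        if (azOutput.exitCode === 0) {
            const parsed: unknown = JSON.parse(azOutput.stdout.trim());
            const account = (typeof parsed === 'object' && parsed !== null ? parsed : {}) as { id?: unknown; tenantId?: unknown };
            if (common.isNullOrWhiteSpace(subscriptionId) && typeof account.id === 'string') {
                subscriptionId = account.id;
                core.debug(`Auto-inferred subscriptionId from Azure CLI`);
            }
            if (common.isNullOrWhiteSpace(tenantId) && typeof account.tenantId === 'string') {
                tenantId = account.tenantId;
                core.debug(`Auto-inferred tenantId from Azure CLI`);
            }
        } else {
            core.debug(`az account show exited with code ${azOutput.exitCode}; skipping auto-inference`);
        }
    } catch (e: unknown) {
        core.debug(`Azure CLI auto-inference of subscriptionId/tenantId failed: ${e instanceof Error ? e.message : String(e)}`);
    }
}
// … unchanged: MSDO_* env export and client.run …
```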