Diffstat (limited to 'azure-pipelines/template/static_analysis.yml')
-rw-r--r--azure-pipelines/template/static_analysis.yml72
1 files changed, 72 insertions, 0 deletions
diff --git a/azure-pipelines/template/static_analysis.yml b/azure-pipelines/template/static_analysis.yml
new file mode 100644
index 0000000..ffd0f44
--- /dev/null
+++ b/azure-pipelines/template/static_analysis.yml
@@ -0,0 +1,72 @@
+jobs:
+ - job: SourceScan
+ displayName: Source Scan
+
+ pool:
+ vmImage: windows-latest
+
+ steps:
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
+ displayName: 'Run Credential Scanner'
+ inputs:
+ outputFormat: pre
+ debugMode: false
+ continueOnError: true
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@2
+ displayName: 'Run PoliCheck'
+ inputs:
+ targetType: F
+ continueOnError: true
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@4
+ displayName: 'Run AntiMalware'
+ inputs:
+ FileDirPath: '$(Build.SourcesDirectory)'
+ EnableServices: true
+ continueOnError: true
+
+ - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
+ displayName: Component Detection
+ inputs:
+ ignoreDirectories: '$(Build.SourcesDirectory)/tests'
+ continueOnError: true
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@2
+ displayName: Create Security Analysis Report
+ inputs:
+ AllTools: false
+ AntiMalware: true
+ BinSkim: false
+ CredScan: true
+ PoliCheck: true
+ APIScan: false
+ CodesignValidation: false
+ FortifySCA: false
+ FxCop: false
+ ModernCop: false
+ MSRD: false
+ RoslynAnalyzers: false
+ SDLNativeRules: false
+ Semmle: false
+ TSLint: false
+ WebScout: false
+ continueOnError: true
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
+ displayName: Publish Security Analysis Logs
+
+ - job: VersionChk
+ displayName: Version Check
+
+ pool:
+ vmImage: ubuntu-latest
+
+ steps:
+ - task: UsePythonVersion@0
+ displayName: 'Use Python 3.11'
+ inputs:
+ versionSpec: 3.11
+
+ - script: python ./.github/workflows/version_check.py
+ displayName: Version Check
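Review bot: Every scanner step in the SourceScan job (CredScan, PoliCheck, AntiMalware, Component Detection and SdtReport) sets `continueOnError: true`, and no later step evaluates the results, so nothing in this file turns a credential or malware finding into a failed run. At most the job would end as succeeded with issues. If the scans are meant to gate changes, add the extension's Post-Analysis task after `SdtReport` for the three enabled tools, or drop `continueOnError` on at least the CredScan and AntiMalware steps. If they are advisory on purpose, record that next to the first task with a comment such as `# advisory only: findings are published, not enforced`. Separately, `versionSpec: 3.11` in VersionChk is a plain scalar that YAML reads as a float, so quote it as `versionSpec: '3.11'` to keep a later `3.10` from becoming `3.1`.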