
Variable group for credentials; harden jq install #6

Merged
levine-cycode merged 2 commits into main from fix/variable-group-and-jq-install
Apr 23, 2026
@appsechq-brian
Member

Summary

  • All 3 top-level pipelines now use `- group: cycode-credentials` instead of raw secret pipeline variables — single rotation point (Key Vault-friendly)
  • `jq` install step now supports apt-get (Linux) and brew (macOS), and fails loudly with a clear remediation hint on any other OS

Test plan

  • All 4 YAML files parse cleanly
  • No changes to script behavior or the RIG query
  • Pipelines still run green in the ADO test environment (will verify after merge)

appsechq-brian and others added 2 commits April 22, 2026 17:15
Two small improvements based on end-to-end testing in Azure DevOps:

Variable group for credentials
- All three top-level pipelines now reference an ADO Library variable
  group named 'cycode-credentials' via 'variables: - group: ...' instead
  of expecting CYCODE_CLIENT_ID / CYCODE_CLIENT_SECRET as bare secret
  pipeline variables. Single source of truth for credential rotation
  (ideally backed by Key Vault) and fewer pipelines to update when the
  service account changes.

jq install hardening
- The 'apt-get || true' form silently masked failures on agents without
  apt-get (macOS, RHEL, Windows, distroless). Now: detect apt-get, fall
  back to brew, and fail loudly with a clear 'Preinstall jq on the agent'
  message if neither is available.
@levine-cycode levine-cycode merged commit 043ce7d into main Apr 23, 2026
5 of 7 checks passed
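
The jq install behavior described in the commit message above, sketched as an added example; this is not the repository's script. The function names and the exact install commands are assumptions, and only the detection order (apt-get, then brew, then a hard failure with a "Preinstall jq on the agent" hint) comes from the PR text.

```shell
#!/bin/sh
# Added example, not the repository's script.
# The old "apt-get ... || true" form always exited 0, so an agent without
# apt-get only failed later, at the first jq call. This form stops the step.

# Print the install command for this agent (hypothetical helper).
# Prints nothing and returns 0 when jq is already on PATH.
# Returns 1 with a remediation hint when no known package manager exists.
jq_install_plan() {
  if command -v jq >/dev/null 2>&1; then
    return 0
  elif command -v apt-get >/dev/null 2>&1; then
    echo "sudo apt-get install -y jq"   # assumed command line
  elif command -v brew >/dev/null 2>&1; then
    echo "brew install jq"              # assumed command line
  else
    echo "ERROR: neither apt-get nor brew found. Preinstall jq on the agent." >&2
    return 1
  fi
}

# Run the plan, then confirm jq is actually usable before later steps need it.
ensure_jq() {
  plan=$(jq_install_plan) || return 1
  if [ -n "$plan" ]; then
    echo "Installing jq: $plan"
    sh -c "$plan" || { echo "ERROR: jq install failed: $plan" >&2; return 1; }
  fi
  command -v jq >/dev/null 2>&1 || { echo "ERROR: jq still missing" >&2; return 1; }
}

# In a pipeline step: ensure_jq || exit 1
```

The final `command -v jq` check catches the case where the package manager exits 0 but jq is still not on the agent's PATH.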