Added new task.json for development extension and added overview.md t…

…o all vss manifest files

devTask/task.json

@@ -0,0 +1,118 @@
+{
+    "$schema": "https://raw.githubusercontent.com/Microsoft/azure-pipelines-task-lib/master/tasks.schema.json",
+    "id": "2d8ca2db-be04-4062-80ef-e139f39915a2",
+    "name": "snyk-artifactory-upload-dev",
+    "friendlyName": "snyk-artifactory-azure-upload-dev",
+    "description": "Development version to set's properties on Artifactory artifacts with result of snyk SAST scan",
+    "helpMarkDown": "",
+    "category": "Utility",
+    "author": "Snyk",
+    "version": {
+        "Major": 1,
+        "Minor": 1,
+        "Patch": 2
+    },
+    "instanceNameFormat": "Snyk Set Artifactory Properties",
+    "inputs": [
+        {
+            "name": "Operation",
+            "type": "pickList",
+            "label": "Operation",
+            "defaultValue": "CopyAndProcess",
+            "helpMarkDown": "Operation determines the function of the extension, copy (Takes Snyk JSON scan information and uploads it to build directory) should come before process (Updates selected Artifact with Snyk scan details) in the pipeline",
+            "options": {
+                "Copy": "Copy",
+                "Process": "Process",
+                "CopyAndProcess": "CopyAndProcess"
+            },
+            "required": true
+        },
+        {
+            "name": "SnykDirectory",
+            "type": "string",
+            "label": "SnykDirectory",
+            "helpMarkDown": "This determines the location where the Snyk report file will be copied and processed",
+            "required": true
+        },
+        {
+            "name": "artifactoryServiceConnection",
+            "type": "connectedService:jfrogArtifactoryService",
+            "label": "Artifactory Service Connection",
+            "defaultValue": "",
+            "helpMarkDown": "Select the Artifactory service connection.",
+            "visibleRule": "Operation = Process || Operation = CopyAndProcess",
+            "required": true
+        },
+        {
+            "name": "InputType",
+            "type": "pickList",
+            "label": "InputType",
+            "helpMarkDown": "Select how you'd like the extension to determine which Artifacts to set properties on - UrlLIst allows you to Allows you to enter a list of Artifact URL's, and Build will have you enter build details and pull Artifacts from there",
+            "visibleRule": "Operation = Process || Operation = CopyAndProcess",
+            "defaultValue": "Build",
+            "options": {
+                "UrlList": "UrlList",
+                "Build": "Build"
+            }
+        },
+        {
+            "name": "artifactUrls",
+            "type": "string",
+            "label": "artifactUrls",
+            "defaultValue": "",
+            "required": true,
+            "helpMarkDown": "A list of artifact url's (excluding base URL) to set properties on. i.e (someartifacts/location,anotherartifacts/location)",
+            "visibleRule": "InputType=UrlList"
+        },
+        {
+            "name": "delimiter",
+            "type": "string",
+            "label": "A char to split the artifact urls with",
+            "defaultValue": "",
+            "required": false,
+            "helpMarkDown": "A optional char to split the artifact urls with ",
+            "visibleRule": "InputType=UrlList"
+        },
+        {
+            "name": "BuildName",
+            "type": "string",
+            "label": "BuildName",
+            "defaultValue": "$(Build.DefinitionName)",
+            "required": true,
+            "helpMarkDown": "Name of build from which to pull Artifacts",
+            "visibleRule": "InputType=Build"
+        },
+        {
+            "name": "BuildNumber",
+            "type": "string",
+            "label": "BuildNumber",
+            "defaultValue": "$(Build.BuildNumber)",
+            "required": true,
+            "helpMarkDown": "The build number to search by, can be LATEST for the latest build number",
+            "visibleRule": "InputType=Build"
+        },
+        {
+            "name": "ProjectKey",
+            "type": "string",
+            "label": "ProjectKey",
+            "defaultValue": "$(ProjKey)",
+            "required": true,
+            "helpMarkDown": "The project name to search by",
+            "visibleRule": "InputType=Build"
+        },
+        {
+            "name": "BuildStatus",
+            "type": "string",
+            "label": "BuildStatus",
+            "defaultValue": "",
+            "required": false,
+            "helpMarkDown": "Optionally search for the latest build status (e.g: Released)",
+            "visibleRule": "InputType=Build"
+        }
+    ],
+    "execution": {
+        "Node16": {
+            "target": "index.js"
+        }
+    }
+}

overview.md

@@ -4,6 +4,10 @@
 
 This Azure DevOps task provides functionality to take Snyk vulnerability report details and upload them as properties onto Artifactory artifacts. It supports three main operations: `copy`, `process`, and `copyandprocess`. The task interacts with a Snyk vulnerability report file generated by a preceding task (Snyk Vulnerability Scan Task).
 
+## Supported Agent pools
+  - Linux: On-Prem-linux
+  - Windows: On-Prem-General
+
 ## Features
 
 - **Copy Operation:**
@@ -15,4 +19,87 @@ This Azure DevOps task provides functionality to take Snyk vulnerability report
   - Artifacts can be specified either by providing a list of artifact URLs or build details (build name, number, and project name).
     - When using the url list option you can call multiple URL's seperated by a delimter (which can be configured to be a custom in the task, by default it is <,>)
     - Url's can be specific artifacts or folders, the task will set properties as long as the path is valid.
-    - Do not include initial slash in URL list, example of a valid list > "path/to/some/artifact, path/to/some/folder"
+    - Do not include initial slash in URL list, example of a valid list > "path/to/some/artifact, path/to/some/folder"
+
+    ## Usage
+
+### Parameters
+
+- **Operation:**
+  - Choose one of the following operations: `copy`, `process`, `copyandprocess`.
+
+- **Snyk File Path (`snykFilePath`):**
+  - The directory path where the Snyk vulnerability report file will be stored or retrieved.
+
+- **Artifact Specification:**
+  - Specify artifacts either by providing a list of URLs or build details.
+
+### Example
+
+```yaml
+- task: snyk-artifactory-azure-upload@1
+    inputs:
+    Operation: 'CopyAndProcess'
+    SnykDirectory: '$(Pipeline.Workspace)'
+    artifactoryServiceConnection: 'someserviceconnection'
+    InputType: 'Build'
+    BuildName: 'somebuild'
+    BuildNumber: 'somebuildNumber'
+    ProjectName: 'someProjectName'
+```
+
+### Snyk Scan Data Properties
+
+Upon successfully retrieving scan data, the following properties are set on the artifact:
+
+- **Scan Status (`snyk_sast_scan_status`):**
+  - Indicates the status of the Snyk Static Application Security Testing (SAST) scan.
+
+- **Findings Present (`snyk_sast_findings_present`):**
+  - A boolean flag indicating whether Snyk findings are present.
+  - `true` if findings are present, `false` otherwise.
+
+- **Highest Severity Level (`snyk_sast_highest_severity_level`):**
+  - The highest severity level of vulnerabilities found in the scan.
+  - Possible values: `"high"`, `"medium"`, `"low"`, etc.
+
+- **High Severity Count (`snyk_sast_high_severity_count`):**
+  - The count of vulnerabilities with high severity.
+
+- **Medium Severity Count (`snyk_sast_medium_severity_count`):**
+  - The count of vulnerabilities with medium severity.
+
+- **Low Severity Count (`snyk_sast_low_severity_count`):**
+  - The count of vulnerabilities with low severity.
+
+- **Project Link (`snyk_sast_project_link`):**
+  - A link to the Snyk project providing detailed information about the scan results.
+
+
+
+
+# Contributing to Azure DevOps Snyk Vulnerability Report Task
+
+Thank you for considering contributing to this project! Please take a moment to review the following guidelines.
+
+## Open Source Contributions
+
+We currently do not accept open source contributions, including pull requests. The development of this project is primarily maintained by the project owners.
+
+## Bug Reports and Feature Requests
+
+For bug reports or feature requests, please follow these steps:
+
+1. Check if the issue has already been reported in [GitHub Issues](https://github.com/snyk-labs/snyk-artifactory-upload/issues).
+2. If not, open a new issue.
+3. Provide detailed information about the problem or the requested feature.
+
+## Pull Requests
+
+As mentioned earlier, we do not accept open source contributions, including pull requests. However, we appreciate your interest in improving the project.
+
+Thank you for your understanding and support!
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the [Apache License 2.0](./LICENSE).

vss-extension-dev.json

@@ -2,7 +2,7 @@
     "manifestVersion": 1,
     "id": "snyk-artifactory-upload-dev",
     "name": "Snyk Artifactory Upload (Dev)",
-    "version": "1.1.1",
+    "version": "1.1.2",
     "publisher": "SnykProfessionalServices",
     "icons": {
         "default": "images/extension-icon.png"
@@ -19,8 +19,16 @@
     "files": [
         {
             "path": "task"
+        },
+        {
+            "path": "devTask"
         }
     ],
+    "content": {
+        "details": {
+            "path": "overview.md"
+        }
+    },
     "contributions": [
         {
             "id": "custom-build-release-task",
@@ -29,7 +37,7 @@
                 "ms.vss-distributed-task.tasks"
             ],
             "properties": {
-                "name": "task"
+                "name": "devTask"
             }
         }
     ]

vss-extension.json

@@ -21,6 +21,11 @@
             "path": "task"
         }
     ],
+    "content": {
+        "details": {
+            "path": "overview.md"
+        }
+    },
     "contributions": [
         {
             "id": "custom-build-release-task",