From 5bd502df2eb87975301df882795185c8f44343e4 Mon Sep 17 00:00:00 2001
From: ttstanley <62913657+ttstanley@users.noreply.github.com>
Date: Thu, 9 Feb 2023 11:18:50 -0800
Subject: [PATCH 1/6] Update .vsts-ci.yml for Azure Pipelines
---
 .vsts-ci.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.vsts-ci.yml b/.vsts-ci.yml
index cbf48301..1e0034bb 100644
--- a/.vsts-ci.yml
+++ b/.vsts-ci.yml
@@ -10,6 +10,7 @@ trigger:
 variables:
 NugetSecurityAnalysisWarningLevel: none # nuget.config requires signed packages by trusted owners
+ Codeql.Enabled: true
 queue:
 name: VSEngSS-MicroBuild2019-1ES
From 32a66d1b94a8ce1640bb012f6ccabf3259ee8045 Mon Sep 17 00:00:00 2001
From: ttstanley <62913657+ttstanley@users.noreply.github.com>
Date: Thu, 9 Feb 2023 13:27:45 -0800
Subject: [PATCH 2/6] Run Policheck
---
 .vsts-ci.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.vsts-ci.yml b/.vsts-ci.yml
index cbf48301..ccafae5b 100644
--- a/.vsts-ci.yml
+++ b/.vsts-ci.yml
@@ -98,6 +98,12 @@ steps:
 displayName: MicroBuild Cleanup
 condition: succeededOrFailed()
+- task: PoliCheck@2
+ displayName: 'Run PoliCheck'
+ inputs:
+ targetType: F
+ condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
+
 - task: ManifestGeneratorTask@0
 inputs:
 BuildDropPath: $(Build.ArtifactStagingDirectory)/build_logs
From 1ed5bd49be627acee31b0fed29072bf53168786f Mon Sep 17 00:00:00 2001
From: ttstanley <62913657+ttstanley@users.noreply.github.com>
Date: Thu, 9 Feb 2023 14:01:15 -0800
Subject: [PATCH 3/6] Add Component Governance
---
 .vsts-ci.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.vsts-ci.yml b/.vsts-ci.yml
index cbf48301..55849745 100644
--- a/.vsts-ci.yml
+++ b/.vsts-ci.yml
@@ -16,6 +16,13 @@ queue:
 timeoutInMinutes: 60
 steps:
+
+- task: ComponentGovernanceComponentDetection@0
+ inputs:
+ scanType: 'Register'
+ verbosity: 'Verbose'
+ alertWarningLevel: 'High'
+
 - task: PowerShell@2
 displayName: Set VSTS variables
 inputs:
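Review bot: In [PATCH 2/6], `targetType: F` on the new PoliCheck@2 step is an opaque one-letter code, and no `targetArgument` is given, so the scanned path is whatever the task defaults to. A comment above `inputs:` such as `# F = scan a file or folder; path defaults to the sources directory (confirm against the task docs)` would make the scan scope reviewable. The `ne(variables['Build.Reason'], 'PullRequest')` condition also means findings surface only after merge; if that is deliberate, the same comment should say so.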
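Review bot: In [PATCH 3/6], `alertWarningLevel: 'High'` raises only a build warning, and only for alerts at High severity or above, and nothing in the step fails the build, so a dependency with a known vulnerability never blocks this pipeline. If gating is intended, add `failOnAlert: true` under `inputs:`; if the step is advisory by design, a one-line comment saying so would prevent the question later. The step also has no `displayName`, unlike the PowerShell@2 step that follows it, and `verbosity: 'Verbose'` looks like a debugging setting that deserves a comment or removal. The `steps:` list continues past the end of the hunk.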
From 23da503d71372eb9a939e41f01e366c4e17d95b8 Mon Sep 17 00:00:00 2001
From: ttstanley <62913657+ttstanley@users.noreply.github.com>
Date: Fri, 10 Feb 2023 11:01:52 -0800
Subject: [PATCH 4/6] antimalware scan
---
 .vsts-ci.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/.vsts-ci.yml b/.vsts-ci.yml
index cbf48301..66181f9a 100644
--- a/.vsts-ci.yml
+++ b/.vsts-ci.yml
@@ -56,6 +56,15 @@ steps:
 displayName: Install MicroBuild Signing plugin
 condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
+steps:
+- task: AntiMalware@4
+ displayName: 'Run MpCmdRun.exe'
+ inputs:
+ InputType: Basic
+ ScanType: CustomScan
+ FileDirPath: '$(Build.StagingDirectory)'
+ DisableRemediation: false
+
 - task: VSBuild@1
 inputs:
 vsVersion: 15.0
From 853f0c441f9742413fb4baa03dde6f08cec50700 Mon Sep 17 00:00:00 2001
From: ttstanley <62913657+ttstanley@users.noreply.github.com>
Date: Fri, 10 Feb 2023 11:03:32 -0800
Subject: [PATCH 5/6] fixing broken syntax
---
 .vsts-ci.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.vsts-ci.yml b/.vsts-ci.yml
index 66181f9a..043a213e 100644
--- a/.vsts-ci.yml
+++ b/.vsts-ci.yml
@@ -56,7 +56,6 @@ steps:
 displayName: Install MicroBuild Signing plugin
 condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
-steps:
 - task: AntiMalware@4
 displayName: 'Run MpCmdRun.exe'
 inputs:
From 22f947108a03bce3cc03e56c298d597007707bd5 Mon Sep 17 00:00:00 2001
From: ttstanley <62913657+ttstanley@users.noreply.github.com>
Date: Mon, 27 Feb 2023 11:08:26 -0800
Subject: [PATCH 6/6] Adding step to publish policheck artifacts.
---
 .vsts-ci.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.vsts-ci.yml b/.vsts-ci.yml
index ccafae5b..979416e8 100644
--- a/.vsts-ci.yml
+++ b/.vsts-ci.yml
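Review bot: In [PATCH 4/6], the AntiMalware@4 step is inserted ahead of `- task: VSBuild@1` and scans `$(Build.StagingDirectory)`, so it runs before the build has produced anything. Unless earlier steps populate the staging directory, the scan covers little of what this pipeline ships. Moving the step after the build and packaging steps and ahead of the publish steps (both outside this hunk) would scan the real outputs. `DisableRemediation: false` presumably lets the scanner act on a detected file rather than only report it, which deserves a comment because it can change staged files mid-build. The displayName `'Run MpCmdRun.exe'` names the tool rather than the purpose; something like `'Antimalware scan of staged outputs'` reads better in the build log.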
@@ -125,6 +125,14 @@ steps:
 displayName: 'Publish Artifact: build logs'
 condition: succeededOrFailed()
+- task: PublishSecurityAnalysisLogs@3
+ displayName: 'Publish Guardian Artifacts'
+ inputs:
+ ArtifactName: CodeAnalysisLogs
+ ArtifactType: Container
+ PublishProcessedResults: false
+ AllTools: true
+
 ## Following steps are skipped in PR builds
 - task: CopyFiles@1
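Review bot: The new PublishSecurityAnalysisLogs@3 step has no `condition:`, so it gets the default `succeeded()` and is skipped whenever an earlier step fails, which is the case where the analysis logs are most needed. The 'Publish Artifact: build logs' step directly above it uses `condition: succeededOrFailed()`; adding the same line here keeps the two publish steps consistent. The PoliCheck step from [PATCH 2/6] is skipped on pull-request builds while this step is not, so on PR builds it may have nothing to publish; whether the task tolerates that is not visible here.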