Enable Binskim scan in CI builds #69081

Merged
merged 1 commit into from
Jul 31, 2023

MilenaHristova
Member

Enabling BinSkim scan over build artifacts in CI based on company requirements.

This change is dependent on arcade version update: #69016

We are required to run SDL tools on official builds and implement automated bug filing for the tools' output. Currently we are running SDL checks over the source code in the nightly builds, inline in the builds for some of the product repos and in the .NET staging pipeline, but to be compliant we need to also run BinSkim over the produced artifacts.

This PR is enabling BinSkim checks in the Run SDL tool job of dotnet-roslyn CI.

More information is in the Automate BinSkim runs over official builds issue

@MilenaHristova MilenaHristova requested a review from a team as a code owner July 18, 2023 10:25
@dotnet-issue-labeler dotnet-issue-labeler bot added Area-Infrastructure untriaged Issues and PRs which have not yet been triaged by a lead labels Jul 18, 2023
@ghost ghost added the Community The pull request was submitted by a contributor who is not a Microsoft employee. label Jul 18, 2023
@jaredpar
Member

@dotnet/roslyn-infrastructure PTAL

@MilenaHristova MilenaHristova marked this pull request as draft July 21, 2023 12:46
@MilenaHristova
Member Author

I converted it to draft because we uncovered a few questions regarding binskim that we should clear out before enabling the scan. Sorry for the noise

@MilenaHristova MilenaHristova marked this pull request as ready for review July 27, 2023 09:15
@MilenaHristova
Member Author

@dotnet/roslyn-infrastructure please have a look

@genlu genlu removed Community The pull request was submitted by a contributor who is not a Microsoft employee. untriaged Issues and PRs which have not yet been triaged by a lead labels Jul 27, 2023
@MilenaHristova
Member Author

@genlu can you please merge the PR because I can't

@genlu genlu merged commit ce75dbe into dotnet:main Jul 31, 2023
24 checks passed
@ghost ghost added this to the Next milestone Jul 31, 2023
@MilenaHristova MilenaHristova deleted the enable-binskim-scan branch August 1, 2023 07:58
@dibarbet dibarbet modified the milestones: Next, 17.8 P2 Aug 28, 2023