Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Promote the source-build's license scan pipeline to be a general VMR pipeline #4091

Closed
MichaelSimons opened this issue Feb 2, 2024 · 2 comments
Closed

Promote the source-build's license scan pipeline to be a general VMR pipeline #4091

MichaelSimons opened this issue Feb 2, 2024 · 2 comments
Assignees
@ellahathaway
Labels
area-infra Source-build infrastructure and reporting

Comments

@MichaelSimons
Copy link
Member

MichaelSimons commented Feb 2, 2024
edited by ellahathaway
Loading

This is related to #4088.

This includes:

  1. Renaming the pipeline/yml to not be source-build specific.
  2. Examine the feasibility of running the scan on flows into the VMR or at the repo level.
@dotnet-issue-labeler dotnet-issue-labeler bot added area-additional-repos Adding additional contributing repos untriaged labels Feb 2, 2024
@MichaelSimons MichaelSimons mentioned this issue Feb 2, 2024
Closed
@MichaelSimons MichaelSimons removed the area-additional-repos Adding additional contributing repos label Feb 2, 2024
@MichaelSimons MichaelSimons added area-infra Source-build infrastructure and reporting and removed untriaged labels Feb 15, 2024
@ellahathaway
Copy link
Member

Updating this issue:

  1. Renaming the pipeline/yml to not be source-build specific.
  • We should rename the pipeline to something that is not source-build specific
  • The pipeline makes use of ./prep-source-build.sh. Since this is a source-build specific script, we should evaluate if we should/need to still make use of this script in the pipeline.
  1. Examine the feasibility of running the scan on flows into the VMR or at the repo level.
  • This is a bigger issue. Since the scanning, like the binary tool, relies on cloaks, we need to determine if it is feasible to cloak at the repo level first.
  • The determination on the cloaking will determine the actionability of this work item.

@ellahathaway ellahathaway mentioned this issue Mar 26, 2024
Merged
@ellahathaway
Copy link
Member

Based on #4267, it seems like we have decided to implement the license scan at the repo level. Therefore, I'm saying that Examine the feasibility of running the scan on flows into the VMR or at the repo level has been accomplished.

Marking this issue as closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ellahathaway ellahathaway

Labels
area-infra Source-build infrastructure and reporting
Projects
.NET Source Build
Archived in project
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MichaelSimons @ellahathaway