Add PackageES Security and Compliance task to build #6766

Merged
merged 26 commits into from
Feb 28, 2022

Member

@kmahone kmahone commented Feb 23, 2022

Enables a series of tasks run against our release pipeline that validate the security and compliance status of our code in an automated fashion. These checks include:

  • Component Governance - Inventories open-source components used in our build
  • PREfast - C/C++ static analysis for common code errors and exploits
  • Policheck - Searches source code, comments, and text for words that could be sensitive legally, culturally, or geopolitically
  • Credscan - Looks for credentials left behind in the code/documents and build output files
  • CheckCFlags - Validates that compile/link flags match the policies recommended by Windows engineering for inclusion into the OS product image
  • CFGCheck/XFGCheck - Validates that the CFG and/or XFG settings were enabled at compile and link time to guard against control flow attacks.
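
An added illustration of the kind of check the CFG item describes; it is not code from this pull request or from the CFGCheck tool, whose internals the page does not describe. The linker's `/guard:cf` option records a GUARD_CF bit in the PE optional header's DllCharacteristics field, and the sketch below reads that bit from constructed sample headers (the function names and sample file names are hypothetical).

```python
import struct

GUARD_CF = 0x4000  # IMAGE_DLLCHARACTERISTICS_GUARD_CF

def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics field of a PE image, or raise ValueError."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if pe_off + 24 + 72 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    opt_off = pe_off + 24  # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    (flags,) = struct.unpack_from("<H", image, opt_off + 70)
    return flags

def has_guard_cf(image: bytes) -> bool:
    return bool(dll_characteristics(image) & GUARD_CF)

def make_sample(flags: int, magic: int = 0x20B) -> bytes:
    """Constructed minimal header for the demo (not a loadable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    opt = bytearray(72)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, flags)
    return bytes(dos) + b"PE\0\0" + bytes(20) + bytes(opt)

def audit(images: dict) -> list:
    """Return names of images that fail: flag clear, or header unparsable."""
    failures = []
    for name, data in images.items():
        try:
            ok = has_guard_cf(data)
        except ValueError:
            ok = False  # fail closed on anything that does not parse
        if not ok:
            failures.append(name)
    return failures

if __name__ == "__main__":
    print(audit({"a.dll": make_sample(0x4160), "b.dll": make_sample(0x0160),
                 "c.bin": b"not a PE"}))
```

The header bit only shows that the image was linked with the option; it says nothing about whether every object file in the link was also compiled with it.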

@ghost ghost added the needs-triage Issue needs to be triaged by the area owners label Feb 23, 2022
@kmahone
Member Author

kmahone commented Feb 23, 2022

/azp run

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@StephenLPeters StephenLPeters added area-DevInternal Internal build infrastructure, code cleanup, engineering efficiency team-Controls Issue for the Controls team and removed needs-triage Issue needs to be triaged by the area owners labels Feb 28, 2022
@kmahone kmahone merged commit 9ee7712 into main Feb 28, 2022
@kmahone kmahone deleted the user/kmahone/comply branch February 28, 2022 20:16
2 participants