XS✔ ◾ Pipeline Compliance: Adding PoliCheck & Removing Superfluous El…

…ements (#441) ## Summary ### Motivation PoliCheck was temporarily removed from the pipeline to get them into a compliant state, but this change should not be permanent. Moreover, the pipelines now contain superfluous variables following the compliance changes. ### Technical Adding PoliCheck to the pipeline with appropriate suppressions and removing the superfluous variables. ## Testing ### Test Types - [ ] Unit tests - [X] Manual tests
microsoft · Nov 2, 2023 · 617105a · 617105a
1 parent 6f35577
commit 617105a
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 9 deletions.
diff --git a/.github/azure-devops/PoliCheckExclusions.xml b/.github/azure-devops/PoliCheckExclusions.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<PoliCheckExclusions>
+    <Exclusion Type="FileName">LICENSE.txt|PACKAGE-LOCK.JSON</Exclusion>
+    <Exclusion Type="FolderPathStart">\DIST\</Exclusion><PoliCheckExclusions>
+    </PoliCheckExclusions>
+</PoliCheckExclusions>
diff --git a/.github/azure-devops/prod.yml b/.github/azure-devops/prod.yml
@@ -49,9 +49,6 @@ extends:
               name: Azure-Pipelines-1ESPT-ExDShared
               os: linux
               image: ubuntu-latest
-            variables:
-              - name: skipComponentGovernanceDetection
-                value: true
             steps:
               - checkout: none
                 displayName: Checkout

diff --git a/.github/azure-devops/template.yml b/.github/azure-devops/template.yml
@@ -32,8 +32,6 @@ stages:
             os: macOS
             image: macos-latest
         variables:
-          - name: skipComponentGovernanceDetection
-            value: true
           - name: System.Debug
             value: true
         steps:
@@ -63,8 +61,6 @@ stages:
             os: linux
             image: ubuntu-latest
         variables:
-          - name: skipComponentGovernanceDetection
-            value: true
           - name: System.Debug
             value: true
         steps:
@@ -94,8 +90,6 @@ stages:
             os: windows
             image: windows-latest
         variables:
-          - name: skipComponentGovernanceDetection
-            value: true
           - name: System.Debug
             value: true
         steps:
@@ -114,4 +108,31 @@ stages:
                 !dist/*
                 !package-lock.json
 
+      - job: Validation
+        displayName: Validation
+        pool:
+          ${{ if parameters.testInstance }}:
+            vmImage: windows-latest
+          ${{ else }}:
+            name: Azure-Pipelines-1ESPT-ExDShared
+            os: windows
+            image: windows-latest
+        steps:
+          - task: PoliCheck@2
+            displayName: PoliCheck
+            inputs:
+              targetType: F
+              optionsFC: 1
+              optionsUEPATH: $(Build.SourcesDirectory)/.github/azure-devops/PoliCheckExclusions.xml
+
+          - task: PublishSecurityAnalysisLogs@3
+            displayName: Guardian – Publish Artifacts
+
+          - task: PostAnalysis@2
+            displayName: Guardian – Perform Analysis
+            inputs:
+              GdnBreakPolicyMinSev: Note
+              GdnBreakGdnToolGosecSeverity: Default
+              GdnBreakPolicy: M365
+
 ...