Onboard repo to Secure Development Tools Azure DevOps #152

Merged: 1 commit, Aug 1, 2023

@TinaMor TinaMor commented Jul 31, 2023

PR Description

This PR onboards this repo to Secure Development Tools, used for running security and compliance static analysis tools. It adds a YAML file that will be used to create an Azure DevOps pipeline. This pipeline will be triggered by PRs created against the main branch.

Reference

  1. CodeQL (previously Semmle)

  2. CodeInspector

  3. Publish Security Analysis Logs

Sample Run

image

@TinaMor TinaMor marked this pull request as draft July 31, 2023 05:48
@TinaMor TinaMor marked this pull request as ready for review July 31, 2023 06:02

@profnandaa profnandaa left a comment

wondering if this should be added as part of the /azure-pipelines.yml instead?

@profnandaa

> wondering if this should be added as part of the /azure-pipelines.yml instead?

Approving; as you've explained about decoupling the pipeline since it takes a little longer than the current one.

profnandaa previously approved these changes Jul 31, 2023
bobsira previously approved these changes Jul 31, 2023

@bobsira bobsira left a comment

LGTM!

Review thread on sdl-compliance-pipeline.yml (outdated, resolved)
iankingori previously approved these changes Jul 31, 2023
CharityKathure previously approved these changes Jul 31, 2023
@TinaMor TinaMor force-pushed the user/chmurimi/onboard-sdl-compliance branch from ae445aa to 345c6df Compare August 1, 2023 06:23

@CharityKathure CharityKathure left a comment

LGTM

@TinaMor TinaMor merged commit a47d40e into main Aug 1, 2023
@TinaMor TinaMor deleted the user/chmurimi/onboard-sdl-compliance branch August 1, 2023 11:01
CharityKathure added a commit that referenced this pull request Dec 7, 2023
* identify the ProviderGuid failing with 1168

* Onboard repo to Secure Development Tools Azure DevOps (#152)

* resolve c:// monitor fix merge conflicts

* Fix 30 seconds delay issue (#156)

* reduce file monitor wait time

* resolve event log failure fix merge conflicts

---------

Co-authored-by: Bob Sira <sbobfitz2@gmail.com>
Co-authored-by: Tina Murimi <christine.murimi@gmail.com>
Co-authored-by: Charity Kathure <ckathure@microsoft.com>