Investigate Component Governance runs in .NET builds

See https://github.com/Azure/azure-sdk-for-net/pull/14989#discussion_r487623082 for some discussion.

Originally the Analyze Job ran after the Build job so that it could download and analyze the nupkg packages we are building. However that does not seem to be the case [any longer ](https://dev.azure.com/azure-sdk/internal/_build/results?buildId=536064&view=logs&j=b70e5e73-bbb6-5567-0939-8415943fadb9&t=72a3110e-44c0-5323-690d-8dd09cc84ac8) and thus it is only running on packages that are committed in the repo. However I just looked at our [CG runs](https://dev.azure.com/azure-sdk/internal/_componentGovernance/98522?_a=components&typeId=1937810&alerts-view-option=active) and the packages are present and it looks like they are getting analyzed in our  [dev publishing step](https://dev.azure.com/azure-sdk/internal/_build/results?buildId=536064&view=logs&j=b1e79959-24d8-5aa9-2799-72d40c3e051b&t=f3fc8d9f-4e68-567c-1c63-cd6d9a749ff5) instead.  

We should go through and remove the CG steps (and disable the auto-injected step) from our Analyze step and make that an explicit step in our publish job so we don't accidently stop analyzing these. 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Investigate Component Governance runs in .NET builds #15143

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Investigate Component Governance runs in .NET builds #15143

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions