Skip to content

Enable BinSkim scan in nightly validation #8976

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 30, 2023
Merged

Enable BinSkim scan in nightly validation #8976

merged 2 commits into from
Jun 30, 2023

Conversation

@MilenaHristova
Copy link
Contributor

@MilenaHristova MilenaHristova commented Jun 29, 2023

Enabling BinSkim scan over build artifacts in Validate-DotNet pipeline
Issue: dotnet/arcade-services#2647

@andriipatsula will merge this once the change in the pipeline is tested. After the validation pipeline run you can expect a TSA email with some alerts from the BinSkim scan

andriipatsula
andriipatsula approved these changes Jun 30, 2023
View reviewed changes
Copy link
Member

@andriipatsula andriipatsula left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are required to run SDL tools on official builds and implement automated bug filling for the tools output. Currently we are running SDL checks over the source code in the nightly builds and in the .NET staging pipeline, but to be compliant we need to also run BinSkim over the produced artifacts.

This PRs is enabling BinSkim checks in the nightly run of Validate-DotNet pipeline.

@andriipatsula andriipatsula mentioned this pull request Jun 30, 2023
Closed
16 tasks
@andriipatsula
Copy link
Member

andriipatsula commented Jun 30, 2023

@JanKrivanek can you please merge this PR. I see a message "The base branch restricts merging to authorized users".

@JanKrivanek JanKrivanek merged commit 021b81b into dotnet:main Jun 30, 2023
This was referenced Jul 29, 2025
Closed
Closed
Closed
@dependabot dependabot bot mentioned this pull request Aug 6, 2025
Closed
@dependabot dependabot bot mentioned this pull request Aug 15, 2025
Closed
This was referenced Oct 15, 2025
Open
Open
Closed
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcpopMSFT marcpopMSFT Awaiting requested review from marcpopMSFT

2 more reviewers

@JanKrivanek JanKrivanek JanKrivanek approved these changes

@andriipatsula andriipatsula andriipatsula approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MilenaHristova @andriipatsula @JanKrivanek