Skip to content

Binaries Analysis #1668

Binaries Analysis

Binaries Analysis #1668

name: "Binaries Analysis"
on:
push:
branches: [ "main" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
schedule:
- cron: '21 17 * * 0'
permissions:
contents: read
jobs:
analyze:
name: BinSkim Binary Analyze
runs-on: windows-latest
strategy:
matrix:
mode: [osx-x64,linux-x64,win-x64]
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup NuGet.exe for use with actions
uses: NuGet/setup-nuget@a21f25cd3998bf370fde17e3f1b4c12c175172f9 # v2.0.0
- name: Get BinSkim package from nuget
run: nuget install Microsoft.CodeAnalysis.BinSkim -Version 1.9.5 -OutputDirectory ${{ github.workspace }}
- name: Restore dependencies using Nuget
run: nuget restore src\client.sln -Verbosity Normal -NonInteractive -ConfigFile src/nuget.config
- name: dotnet Publish for ${{ matrix.mode }}
run: dotnet publish src\dsc\dsc.csproj -c Release -r ${{ matrix.mode }} --no-restore --self-contained true --verbosity normal
- name: Build endpointmanagerlauncher
run: dotnet publish src\EndpointManagerLauncher\endpointmanagerlauncher.csproj -r win-x64 -c Release --no-restore
- name: Install and Run BinSkim analysis
uses: Azure/powershell@1300bbd2b3e1c21c029fe34887d16d2809a1397f # v1.4.0
with:
inlineScript: |
${{ github.workspace }}\Microsoft.CodeAnalysis.BinSkim.1.9.5\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze *.exe *.dll --recurse
azPSVersion: '3.1.0'