Binaries Analysis #1668
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Binaries Analysis" | |
on: | |
push: | |
branches: [ "main" ] | |
pull_request: | |
# The branches below must be a subset of the branches above | |
branches: [ "main" ] | |
schedule: | |
- cron: '21 17 * * 0' | |
permissions: | |
contents: read | |
jobs: | |
analyze: | |
name: BinSkim Binary Analyze | |
runs-on: windows-latest | |
strategy: | |
matrix: | |
mode: [osx-x64,linux-x64,win-x64] | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Setup NuGet.exe for use with actions | |
uses: NuGet/setup-nuget@a21f25cd3998bf370fde17e3f1b4c12c175172f9 # v2.0.0 | |
- name: Get BinSkim package from nuget | |
run: nuget install Microsoft.CodeAnalysis.BinSkim -Version 1.9.5 -OutputDirectory ${{ github.workspace }} | |
- name: Restore dependencies using Nuget | |
run: nuget restore src\client.sln -Verbosity Normal -NonInteractive -ConfigFile src/nuget.config | |
- name: dotnet Publish for ${{ matrix.mode }} | |
run: dotnet publish src\dsc\dsc.csproj -c Release -r ${{ matrix.mode }} --no-restore --self-contained true --verbosity normal | |
- name: Build endpointmanagerlauncher | |
run: dotnet publish src\EndpointManagerLauncher\endpointmanagerlauncher.csproj -r win-x64 -c Release --no-restore | |
- name: Install and Run BinSkim analysis | |
uses: Azure/powershell@1300bbd2b3e1c21c029fe34887d16d2809a1397f # v1.4.0 | |
with: | |
inlineScript: | | |
${{ github.workspace }}\Microsoft.CodeAnalysis.BinSkim.1.9.5\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze *.exe *.dll --recurse | |
azPSVersion: '3.1.0' |