Add Secure Supply Chain Analysis to Aggregate Reports after Component…

… Detection (#29205) * Add Secure Supply Chain Analysis to Aggregate Reports after Component Detection * Ensure DisableDockerDetector is set to false fot the Compliance job * Add the condition back into the SSCA step
Azure · Jun 3, 2022 · cb5892f · cb5892f
1 parent 959b7ca
commit cb5892f
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/eng/pipelines/aggregate-reports.yml b/eng/pipelines/aggregate-reports.yml
@@ -144,6 +144,9 @@ stages:
         timeoutInMinutes: 120
         variables:
           - template: /eng/pipelines/templates/variables/globals.yml
+          - name: DisableDockerDetector
+            value: false
+
         pool:
           # CredScan build task is Windows only (https://aka.ms/credscan).
           vmImage: 'windows-2019'
@@ -155,6 +158,11 @@ stages:
           condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
           displayName: 'Component Detection'
 
+        - task: ms.nuget-security-analysis.nuget-security-analysis.nuget-security-analysis@0
+          # Use the same conditions as the Component Detection
+          condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
+          displayName: 'Secure Supply Chain Analysis'
+
         # Run link verification at the end as it will run no matter the pipeline passing or failing.
         # If this task fails with an error it shouldn't prevent aggregate reports from being generated.
         - template: /eng/common/pipelines/templates/steps/verify-links.yml