Run policheck as part of code analysis job #4882

Merged
merged 6 commits into from
Jul 1, 2020


pjcollins
Member

@pjcollins pjcollins commented Jun 29, 2020

Context: https://github.com/xamarin/yaml-templates/pull/42

PoliCheck has been added to our code analysis job. Initial results from
running this tool reported 27 failures, which are all present in
external sources and have been added to an exclusion list.

All code analysis steps and reporting for the xamarin-android pipeline
previously lived in yet another template (xa-static-analysis/v2.yml),
but the content of that file is no longer well suited for a template.
Rather than creating another version of this template in the
yaml-templates repo, the core logic has been moved here.

@pjcollins
Member Author

Looks like 27 issues were found but the report stage was still green. We may need to create a suppressions list for this task. I'll see if I can get this to fail when issues are detected:
https://devdiv.visualstudio.com/DevDiv/_build/results?buildId=3851603&view=logs&j=d3f8649d-db33-5c22-064d-51efdff82f35&t=37444108-2d0c-5c51-b8cb-04ce0fb93d42

@pjcollins
Member Author

pjcollins commented Jun 30, 2020

Example of a build with failing PoliCheck results - https://github.com/xamarin/xamarin-android/runs/823241298

We should be able to merge this after the yaml-templates PR is merged.

@pjcollins pjcollins requested a review from jonpryor June 30, 2020 16:35
@pjcollins pjcollins marked this pull request as ready for review July 1, 2020 15:16
@jonpryor
Member

jonpryor commented Jul 1, 2020

Fixes: https://devdiv.visualstudio.com/DevDiv/_workitems/edit/1128206

Context: https://github.com/xamarin/yaml-templates/pull/42
Context: https://devdiv.visualstudio.com/DevDiv/_wiki/wikis/DevDiv.wiki/2704/Policheck
Context: https://microsoft.sharepoint.com/sites/globalreadiness/PublicDocuments/Forms/AllItems.aspx?id=%2Fsites%2Fglobalreadiness%2FPublicDocuments%2FPoliCheckSOMUserDocumentation%2FPoliCheckHelp%5Fv5%2E9%2E4%2Epdf&parent=%2Fsites%2Fglobalreadiness%2FPublicDocuments%2FPoliCheckSOMUserDocumentation

"Policheck is a text scanning tool designed to locate sensitive words
and phrases in Microsoft content".

Support for running Policheck has been added to our code analysis
job.  Initial results from running this tool reported 27 failures,
which are all present in external sources and have been added to an
exclusion list, `build-tools/automation/PoliCheckExclusions.xml`.

All code analysis steps and reporting for the xamarin-android pipeline
previously lived in the [`security/xa-static-analysis/v2.yml`][0]
template, but the content of that file is no longer well suited for a
template.  Rather than creating another version of this template in
the `yaml-templates` repo, the core logic has been moved here.

[0]: https://github.com/xamarin/yaml-templates/blob/d6db4a894be2271e3eb8f1faa1260c056cafa1c9/security/xa-static-analysis/v2.yml

@jonpryor jonpryor merged commit c52be98 into dotnet:master Jul 1, 2020
@pjcollins pjcollins deleted the run-policheck branch July 1, 2020 20:51
@github-actions github-actions bot locked and limited conversation to collaborators Jan 24, 2024