diff --git a/eng/pipelines/templates/jobs/archetype-sdk-client.yml b/eng/pipelines/templates/jobs/archetype-sdk-client.yml index 3acece95315f..68aa62742813 100644 --- a/eng/pipelines/templates/jobs/archetype-sdk-client.yml +++ b/eng/pipelines/templates/jobs/archetype-sdk-client.yml @@ -148,15 +148,22 @@ stages: - job: Analyze displayName: Analyze variables: - Codeql.Enabled: true - Codeql.BuildIdentifier: ${{ parameters.ServiceDirectory }} - Codeql.SkipTaskAutoInjection: false + - name: Codeql.Enabled + value: true + - name: Codeql.BuildIdentifier + value: ${{ parameters.ServiceDirectory }} + - name: Codeql.SkipTaskAutoInjection + value: false pool: name: azsdk-pool-mms-ubuntu-2004-general steps: - template: /eng/common/pipelines/templates/steps/check-spelling.yml + - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 + displayName: "Component Detection" + condition: and(succeededOrFailed(), ne(variables['Build.Reason'],'PullRequest')) + - task: GoTool@0 inputs: version: '1.21.0' diff --git a/eng/pipelines/templates/variables/globals.yml b/eng/pipelines/templates/variables/globals.yml index 77984cc5ffa7..e21cb3712dc8 100644 --- a/eng/pipelines/templates/variables/globals.yml +++ b/eng/pipelines/templates/variables/globals.yml @@ -5,9 +5,12 @@ variables: # https://docs.opensource.microsoft.com/tools/cg/index.html # https://github.com/microsoft/component-detection/blob/main/src/Microsoft.ComponentDetection.Detectors/go/GoComponentDetector.cs EnableGoCliScan: true - + # Disable CodeQL injections except for where we specifically enable it Codeql.SkipTaskAutoInjection: true # Set the default value so that 'Build Performance Tests' step can resolve it UseAzcoreFromMain: $[eq(variables['Use.AzcoreFromMain'], 'true')] + + # We enable this selectively to avoid overloading CG scanning/reporting on PR pipelines + skipComponentGovernanceDetection: true