diff --git a/tools/ci_build/github/azure-pipelines/nuget/templates/dml-vs-2022.yml b/tools/ci_build/github/azure-pipelines/nuget/templates/dml-vs-2022.yml index 94795c711c..0b8a7f642b 100644 --- a/tools/ci_build/github/azure-pipelines/nuget/templates/dml-vs-2022.yml +++ b/tools/ci_build/github/azure-pipelines/nuget/templates/dml-vs-2022.yml @@ -278,6 +278,8 @@ stages: - template: ../../templates/compliance.yml parameters : msbuildPlatform: ${{ parameters.sln_platform }} + ${{ if eq(variables.vsVersion, '2019') }}: + vs2022: false - template: ../../templates/component-governance-component-detection-steps.yml parameters : diff --git a/tools/ci_build/github/azure-pipelines/templates/compliance.yml b/tools/ci_build/github/azure-pipelines/templates/compliance.yml index c48c873a92..b0722cecdc 100644 --- a/tools/ci_build/github/azure-pipelines/templates/compliance.yml +++ b/tools/ci_build/github/azure-pipelines/templates/compliance.yml @@ -4,6 +4,11 @@ parameters: type: string default: x64 +- name: vs2022 + displayName: If the Visual Studio version is 2022 + type: boolean + default: true + steps: - task: CredScan@2 displayName: 'Run CredScan' 
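Review bot: The `${{ if eq(variables.vsVersion, '2019') }}:` guard added under `parameters` in dml-vs-2022.yml is resolved at template expansion, and nothing in this hunk shows where `vsVersion` is defined. If the variable is missing or only gets its value later (for example from a script step), the comparison is false, `vs2022` falls back to its `default: true` from compliance.yml, and the scan is pointed at the VS 2022 MSBuild path with no error. Because the PREfast step in that template runs with `continueOnError: true`, such a misselection would probably show up as a warning rather than a failed job. I would document the dependency next to the guard, e.g. `# vsVersion must be defined before template expansion; otherwise compliance.yml assumes VS 2022`, or pass the version in as an explicit template parameter.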
@@ -18,10 +23,44 @@ steps: arguments: 'analyze $(Build.BinariesDirectory)\RelWithDebInfo\RelWithDebInfo\*.dll --recurse --verbose' continueOnError: true -- task: TSAUpload@2 - displayName: 'TSA upload' - condition: and (succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main')) +- task: DeleteFiles@1 + displayName: 'Delete files from $(Build.BinariesDirectory)\RelWithDebInfo' inputs: - GdnPublishTsaOnboard: false - GdnPublishTsaConfigFile: '$(Build.sourcesDirectory)\.gdn\.gdntsa' + SourceFolder: '$(Build.BinariesDirectory)\RelWithDebInfo' + Contents: | + **/*.obj + **/*.pdb + **/*.dll +#Manually set msBuildCommandline so that we can also set CAExcludePath +- task: securedevelopmentteam.vss-secure-development-tools.build-task-prefast.SDLNativeRules@2 + displayName: 'Run the PREfast SDL Native Rules for MSBuild' + inputs: + userProvideBuildInfo: msBuildInfo + msBuildArchitecture: x64 + ${{ if eq(parameters.vs2022, false)}}: + msBuildVersion: 16.0 + msBuildCommandline: '"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\amd64\msbuild.exe" "$(Build.BinariesDirectory)\RelWithDebInfo\onnxruntime.sln" /p:platform="${{parameters.msbuildPlatform}}" /p:configuration="RelWithDebInfo" /p:CAExcludePath="$(Build.BinariesDirectory);$(Build.SourcesDirectory)\cmake;C:\program files (x86)" /p:VisualStudioVersion="17.0" /m /p:PreferredToolArchitecture=x64' + ${{ else }}: + msBuildVersion: 17.0 + msBuildCommandline: '"C:\Program Files\Microsoft Visual Studio\2022\Enterprise\MSBuild\Current\Bin\amd64\msbuild.exe" "$(Build.BinariesDirectory)\RelWithDebInfo\onnxruntime.sln" /p:platform="${{parameters.msbuildPlatform}}" /p:configuration="RelWithDebInfo" /p:CAExcludePath="$(Build.BinariesDirectory);$(Build.SourcesDirectory)\cmake;C:\program files (x86)" /p:VisualStudioVersion="17.0" /m /p:PreferredToolArchitecture=x64' + continueOnError: true + +- task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@1 + displayName: 
'Create Security Analysis Report' + inputs: + BinSkim: true + BinSkimBreakOn: WarningAbove + CredScan: true + SDLNativeRules: true + +- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2 + displayName: 'Publish Security Analysis Logs' + continueOnError: true + +- task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@1 + condition: and (succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main')) + displayName: 'TSA Upload' + inputs: + tsaVersion: TsaV2 + codeBaseName: 'onnxruntime_main' continueOnError: true
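Review bot: In the `${{ if eq(parameters.vs2022, false)}}` branch of the SDLNativeRules task, `msBuildVersion` is 16.0 and the command line points at the VS 2019 `msbuild.exe`, yet it still passes `/p:VisualStudioVersion="17.0"`. That looks copied from the `else` branch; `/p:VisualStudioVersion="16.0"` is probably what was intended. The mismatch matters more because this task, the log publishing step and the TSA upload are all `continueOnError: true`, so a PREfast run that fails to build or an upload that fails does not fail the job, and the static-analysis results can go missing without anyone noticing. In the report step only `BinSkimBreakOn: WarningAbove` is set, so from this hunk CredScan and SDLNativeRules findings do not appear to gate the build. Consider dropping `continueOnError: true` from the SDLNativeRules and TSAUpload steps, or add a comment stating that the scan is advisory by design.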