Add CG Manually to Configure Exclude Dir (#2102)

* Add CG Manually to Configure Exclude Dir Hopefully this will override the 1ES auto injected task because I can't find a way to configure that one. I've also asked them if that's possible. The .vscode test package.json describes the built-in handlebars extension, not the handlebars npm package that has the vulnerability, so it should be excluded. CG is auto injected in each task so I had to try adding it to each one. * Make it only a step * Edit the 1ES template configuration * remove the task
dotnet · Feb 7, 2025 · 674f368 · 674f368
1 parent 56b1833
commit 674f368
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/1es-azure-pipeline.yml b/1es-azure-pipeline.yml
@@ -70,6 +70,8 @@ extends:
         exclusionsFile: $(System.DefaultWorkingDirectory)\PoliCheckExclusions.xml
       tsa:
         enabled: true
+      componentgovernance:
+        ignoreDirectories: '.vscode-test/**'
     stages:
     - stage: Internal
       jobs:

diff --git a/pipeline-templates/build-test.yaml b/pipeline-templates/build-test.yaml
@@ -41,4 +41,4 @@ jobs:
       condition:
     - script: ./test.sh
       displayName: 🔎 Test Mac and Linux
-      env: {DISPLAY: ':99.0'}
+      env: {DISPLAY: ':99.0'}
diff --git a/pipeline-templates/upstream-verify.yaml b/pipeline-templates/upstream-verify.yaml
@@ -20,4 +20,4 @@ jobs:
     inputs:
       scriptSource: 'filePath'
       scriptPath: 'dependency-verifier.py'
-      arguments: '$(System.PullRequest.TargetBranch)'
+      arguments: '$(System.PullRequest.TargetBranch)'