From 953dd1e3daca0793b7241e967c3e4413392ba67d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20K=C3=B6plinger?= Date: Wed, 17 Apr 2024 17:42:38 +0200 Subject: [PATCH] Use placeholder value to fix CredScan We can use the special value `PLACEHOLDER` to tell CredScan these credentials are fake ones. --- .config/guardian/.gdnbaselines | 43 ---------------------------------- azure-pipelines-public.yml | 2 +- azure-pipelines.yml | 2 +- eng/helix.proj | 2 +- 4 files changed, 3 insertions(+), 46 deletions(-) delete mode 100644 .config/guardian/.gdnbaselines diff --git a/.config/guardian/.gdnbaselines b/.config/guardian/.gdnbaselines deleted file mode 100644 index 9d583b2d4a3..00000000000 --- a/.config/guardian/.gdnbaselines +++ /dev/null @@ -1,43 +0,0 @@ -{ - "properties": { - "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/baselines" - }, - "version": "1.0.0", - "baselines": { - "default": { - "name": "default", - "createdDate": "2024-03-11 23:15:38Z", - "lastUpdatedDate": "2024-03-11 23:15:38Z" - } - }, - "results": { - "3ab8ecce707fd366db801cd25496a3bf4e5984c2e97b34c2a2e4ae5403167192": { - "signature": "3ab8ecce707fd366db801cd25496a3bf4e5984c2e97b34c2a2e4ae5403167192", - "alternativeSignatures": [], - "target": "azure-pipelines-public.yml", - "line": 214, - "memberOf": [ - "default" - ], - "tool": "credscan", - "ruleId": "CSCAN-GENERAL0060", - "createdDate": "2024-03-11 23:15:38Z", - "expirationDate": "2024-08-29 00:39:44Z", - "justification": "This error is baselined with an expiration date of 180 days from 2024-03-12 00:39:44Z" - }, - "07b47302c50eb284f09501218f012eb0ea54edf3d8ae1a3737f1bd5083da699a": { - "signature": "07b47302c50eb284f09501218f012eb0ea54edf3d8ae1a3737f1bd5083da699a", - "alternativeSignatures": [], - "target": "azure-pipelines.yml", - "line": 237, - "memberOf": [ - "default" - ], - "tool": "credscan", - "ruleId": "CSCAN-GENERAL0060", - "createdDate": "2024-03-11 23:15:38Z", - "expirationDate": "2024-08-29 00:39:44Z", - "justification": "This error is baselined with an expiration date of 180 days from 2024-03-12 00:39:44Z" - } - } -} \ No newline at end of file diff --git a/azure-pipelines-public.yml b/azure-pipelines-public.yml index 89952ad0c48..1385a59715b 100644 --- a/azure-pipelines-public.yml +++ b/azure-pipelines-public.yml @@ -211,6 +211,6 @@ stages: env: HelixAccessToken: $(_HelixAccessToken) SYSTEM_ACCESSTOKEN: $(System.AccessToken) # We need to set this env var to publish helix results to Azure Dev Ops - MSSQL_SA_PASSWORD: "Password12!" + MSSQL_SA_PASSWORD: "PLACEHOLDER" COMPlus_EnableWriteXorExecute: 0 # Work-around for https://github.com/dotnet/runtime/issues/70758 DotNetBuildsInternalReadSasToken: $(dotnetbuilds-internal-container-read-token) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 478d6bece51..2a89cedd032 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -238,7 +238,7 @@ extends: HelixAccessToken: $(_HelixAccessToken) # We need to set this env var to publish helix results to Azure Dev Ops SYSTEM_ACCESSTOKEN: $(System.AccessToken) - MSSQL_SA_PASSWORD: "Password12!" + MSSQL_SA_PASSWORD: "PLACEHOLDER" # Work-around for https://github.com/dotnet/runtime/issues/70758 COMPlus_EnableWriteXorExecute: 0 DotNetBuildsInternalReadSasToken: $(dotnetbuilds-internal-container-read-token) diff --git a/eng/helix.proj b/eng/helix.proj index 29609a7b5ff..2d377293693 100644 --- a/eng/helix.proj +++ b/eng/helix.proj @@ -21,7 +21,7 @@ false efcore/localbuild/ t001 - Password12! + PLACEHOLDER