[0.70] Upgrade to BinSkim@4 (#11737)

This PR backports #11725 to 0.70. This PR updates our ADO pipelines to use BinSkim@4.
microsoft · Jun 9, 2023 · 9b7296f · 9b7296f
1 parent fed4536
commit 9b7296f
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 8 deletions.
diff --git a/.ado/jobs/desktop.yml b/.ado/jobs/desktop.yml
@@ -181,17 +181,18 @@ jobs:
 
               - template: ../templates/stop-packagers.yml
 
-            - task: BinSkim@3
+            - task: BinSkim@4
               displayName: Run Binskim Analysis
               condition: eq('${{ matrix.BuildConfiguration }}', 'Release')
               inputs:
                   InputType: 'Basic'
                   Function: 'analyze'
+                  TargetPattern: 'guardianGlob'
                   # Scanning v8jsi.dll in x64/x86 only, because PDBs are stripped in ARM64
                   ${{ if ne(matrix.BuildPlatform, 'ARM64') }}:
-                    AnalyzeTarget: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\\React.Windows.Desktop.DLL\*.dll'
+                    AnalyzeTargetGlob: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\\React.Windows.Desktop.DLL\*.dll'
                   ${{ else }}:
-                    AnalyzeTarget: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\\React.Windows.Desktop.DLL\react-native-win32.dll'
+                    AnalyzeTargetGlob: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\\React.Windows.Desktop.DLL\react-native-win32.dll'
                   AnalyzeVerbose: true
                   toolVersion: 'Latest'
               continueOnError: true

diff --git a/.ado/jobs/universal.yml b/.ado/jobs/universal.yml
@@ -161,18 +161,19 @@
                     arguments: -NoPrompt -Tags buildLab
 
                 - task: DownloadPipelineArtifact@1
-                  displayName: Download "ReactWindows.${{ matrix.buildPlatform }}.${{ matrix.buildConfiguration }}"
+                  displayName: Download "ReactWindows.${{ matrix.BuildPlatform }}.${{ matrix.BuildConfiguration }}"
                   inputs:
-                    targetPath: $(Build.SourcesDirectory)/vnext/target/${{ matrix.buildPlatform }}/${{ matrix.buildConfiguration }}
-                    artifactName: ReactWindows.${{ matrix.buildPlatform }}.${{ matrix.buildConfiguration }}
+                    targetPath: $(Build.SourcesDirectory)/vnext/target/${{ matrix.BuildPlatform }}/${{ matrix.BuildConfiguration }}
+                    artifactName: ReactWindows.${{ matrix.BuildPlatform }}.${{ matrix.BuildConfiguration }}
 
-                - task: BinSkim@3
+                - task: BinSkim@4
                   displayName: Run Binskim Analysis
                   condition: and(succeeded(), eq('${{ matrix.BuildConfiguration }}', 'Release'), ne('${{ matrix.BuildPlatform }}', 'ARM64'))
                   inputs:
                       InputType: 'Basic'
                       Function: 'analyze'
-                      AnalyzeTarget: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\Microsoft.ReactNative\Microsoft.ReactNative.dll'
+                      TargetPattern: 'guardianGlob'
+                      AnalyzeTargetGlob: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\Microsoft.ReactNative\Microsoft.ReactNative.dll'
                       AnalyzeVerbose: true
                       toolVersion: 'LatestPreRelease'