From 9b7296f6a8d72337b60806b1b493ac451b0c1062 Mon Sep 17 00:00:00 2001 From: Jon Thysell Date: Fri, 9 Jun 2023 12:42:31 -0700 Subject: [PATCH] [0.70] Upgrade to BinSkim@4 (#11737) This PR backports #11725 to 0.70. This PR updates our ADO pipelines to use BinSkim@4. --- .ado/jobs/desktop.yml | 7 ++++--- .ado/jobs/universal.yml | 11 ++++++----- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.ado/jobs/desktop.yml b/.ado/jobs/desktop.yml index 1e6c562b2e1..f91a5af85d1 100644 --- a/.ado/jobs/desktop.yml +++ b/.ado/jobs/desktop.yml @@ -181,17 +181,18 @@ jobs: - template: ../templates/stop-packagers.yml - - task: BinSkim@3 + - task: BinSkim@4 displayName: Run Binskim Analysis condition: eq('${{ matrix.BuildConfiguration }}', 'Release') inputs: InputType: 'Basic' Function: 'analyze' + TargetPattern: 'guardianGlob' # Scanning v8jsi.dll in x64/x86 only, because PDBs are stripped in ARM64 ${{ if ne(matrix.BuildPlatform, 'ARM64') }}: - AnalyzeTarget: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\\React.Windows.Desktop.DLL\*.dll' + AnalyzeTargetGlob: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\\React.Windows.Desktop.DLL\*.dll' ${{ else }}: - AnalyzeTarget: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\\React.Windows.Desktop.DLL\react-native-win32.dll' + AnalyzeTargetGlob: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\\React.Windows.Desktop.DLL\react-native-win32.dll' AnalyzeVerbose: true toolVersion: 'Latest' continueOnError: true diff --git a/.ado/jobs/universal.yml b/.ado/jobs/universal.yml index 0e1a0558f97..f4911eff2ca 100644 --- a/.ado/jobs/universal.yml +++ b/.ado/jobs/universal.yml @@ -161,18 +161,19 @@ arguments: -NoPrompt -Tags buildLab - task: DownloadPipelineArtifact@1 - displayName: Download "ReactWindows.${{ matrix.buildPlatform }}.${{ matrix.buildConfiguration }}" + displayName: Download "ReactWindows.${{ matrix.BuildPlatform }}.${{ matrix.BuildConfiguration }}" inputs: - targetPath: $(Build.SourcesDirectory)/vnext/target/${{ matrix.buildPlatform }}/${{ matrix.buildConfiguration }} - artifactName: ReactWindows.${{ matrix.buildPlatform }}.${{ matrix.buildConfiguration }} + targetPath: $(Build.SourcesDirectory)/vnext/target/${{ matrix.BuildPlatform }}/${{ matrix.BuildConfiguration }} + artifactName: ReactWindows.${{ matrix.BuildPlatform }}.${{ matrix.BuildConfiguration }} - - task: BinSkim@3 + - task: BinSkim@4 displayName: Run Binskim Analysis condition: and(succeeded(), eq('${{ matrix.BuildConfiguration }}', 'Release'), ne('${{ matrix.BuildPlatform }}', 'ARM64')) inputs: InputType: 'Basic' Function: 'analyze' - AnalyzeTarget: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\Microsoft.ReactNative\Microsoft.ReactNative.dll' + TargetPattern: 'guardianGlob' + AnalyzeTargetGlob: '$(Build.SourcesDirectory)\vnext\target\${{ matrix.BuildPlatform }}\${{ matrix.BuildConfiguration }}\Microsoft.ReactNative\Microsoft.ReactNative.dll' AnalyzeVerbose: true toolVersion: 'LatestPreRelease'