Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need a way to test CG changes before checking them in #5369

Open
lbussell opened this issue Apr 15, 2024 · 1 comment
Open

Need a way to test CG changes before checking them in #5369

lbussell opened this issue Apr 15, 2024 · 1 comment
Labels
area-infrastructure enhancement

Comments

@lbussell
Copy link
Contributor

Describe the Problem

Component governance is auto-injected into our 1ES Pipeline template jobs, including the "CG Code" pipeline. However, when the pipelines are run on non-production ("main" or "nightly" in our case) pipelines, the CG task doesn't run.

I would like a way to validate my CG fixes against the scanner before checking them in and getting surprised by what shows up. There may be an additional argument or parameter we can supply to the CG task or 1ESPT that forces CG to run (then we can feed it the "whatIf" parameter to make it a dry run).
@lbussell
Copy link
Contributor Author

[Triage] A list of the CG task parameters is here: https://docs.opensource.microsoft.com/tools/cg/component-detection/variables/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-infrastructure enhancement
Projects
.NET Docker
Status: Current Release
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lbussell