Enable Binskim scan in CI builds (#4087)

author Milena Hristova <milena.hristova12@gmail.com>

Thu, 20 Jul 2023 23:17:37 +0000 (01:17 +0200)

committer GitHub <noreply@github.com>

Thu, 20 Jul 2023 23:17:37 +0000 (16:17 -0700)
author Milena Hristova <milena.hristova12@gmail.com>
Thu, 20 Jul 2023 23:17:37 +0000 (01:17 +0200)
committer GitHub <noreply@github.com>
Thu, 20 Jul 2023 23:17:37 +0000 (16:17 -0700)
diff --git a/diagnostics.yml b/diagnostics.yml

index 599fce356f28828cbeb503a369b24d7da2213f29..bd0e5e5a6d0cafca1fd4288358b675b0ac36001b 100644 (file)
--- a/diagnostics.yml
+++ b/diagnostics.yml
@@ -473,6 +473,8 @@ extends:
                enable: true
                continueOnError: true
                params: ' -SourceToolsList @("policheck","credscan")
+              -ArtifactToolsList @("binskim")
+              -BinskimAdditionalRunConfigParams @("IgnorePdbLoadError < True","Recurse < True")
                -TsaInstanceURL $(_TsaInstanceURL)
                -TsaProjectName $(_TsaProjectName)
                -TsaNotificationEmail $(_TsaNotificationEmail)
author	Milena Hristova <milena.hristova12@gmail.com>
	Thu, 20 Jul 2023 23:17:37 +0000 (01:17 +0200)
committer	GitHub <noreply@github.com>
	Thu, 20 Jul 2023 23:17:37 +0000 (16:17 -0700)