From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 16 Jun 2017 22:31:17 +0000 (-0500)
Subject: Security build JSONs. (dotnet/coreclr#12279)
X-Git-Tag: submit/tizen/20210909.063632~11030^2~6925^2~404
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=88765f967d23f6c29de478428cab1285e0912ece;p=platform%2Fupstream%2Fdotnet%2Fruntime.git

Security build JSONs. (dotnet/coreclr#12279)



Commit migrated from https://github.com/dotnet/coreclr/commit/d055dcf991a0a24d6c9542cf0f1e5d69e7403205
---

diff --git a/src/coreclr/buildpipeline/security/DotNet-CoreClr-Security-Windows.json b/src/coreclr/buildpipeline/security/DotNet-CoreClr-Security-Windows.json
new file mode 100644
index 0000000..8fad6c4
--- /dev/null
+++ b/src/coreclr/buildpipeline/security/DotNet-CoreClr-Security-Windows.json
@@ -0,0 +1,581 @@
+{
+    "build": [
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "Run clean.cmd",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "filename": "clean.cmd",
+                "arguments": "-all",
+                "workingFolder": "$(Build.SourcesDirectory)",
+                "failOnStandardError": "false"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "Run sync to download packages",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "scriptType": "inlineScript",
+                "scriptName": "",
+                "arguments": "$(PB_CloudDropAccountName) $(PB_CloudDropAccessToken) $(PB_CloudDropContainer)",
+                "workingFolder": "$(Build.SourcesDirectory)",
+                "inlineScript": "param($account, $token, $container)\n.\\sync.cmd -ab -- /p:CloudDropAccountName=$account /p:CloudDropAccessToken=$token /p:ContainerName=$container",
+                "failOnStandardError": "true"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "Extract downloaded nupkgs",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "scriptType": "inlineScript",
+                "scriptName": "",
+                "arguments": "$(Build.SourcesDirectory)",
+                "workingFolder": "$(Build.SourcesDirectory)",
+                "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$pkgDir = \"$SrcDir\\packages\\AzureTransfer\\Release\\symbolpkg\"\ngci \"$pkgDir\\*.nupkg\" | rename-item -newname { [io.path]::ChangeExtension($_.name, \"zip\") }\ngci \"$pkgDir\\*.zip\" | % {\n$dstDir = Join-Path \"$secDir\" $($_.BaseName)\nExpand-Archive -Path $($_.FullName) -DestinationPath \"$dstDir\" -Force\n}\n",
+                "failOnStandardError": "true"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": false,
+            "alwaysRun": false,
+            "displayName": "List all files",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "scriptType": "inlineScript",
+                "scriptName": "",
+                "arguments": "$(Build.SourcesDirectory)",
+                "workingFolder": "$(Build.SourcesDirectory)",
+                "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
+                "failOnStandardError": "true"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "Remove api-*, ucrtbase*, and files other than DLLs, PDBs and TXT",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "scriptType": "inlineScript",
+                "scriptName": "",
+                "arguments": "$(Build.SourcesDirectory)",
+                "workingFolder": "$(Build.SourcesDirectory)",
+                "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$extList = \".dll\", \".pdb\", \".txt\"\ngci $secDir -Recurse | where { !$_.PSIsContainer } | % {\nif ($extList -inotcontains $_.Extension -or $_.BaseName -like \"api-*\" -or $_.BaseName -like \"ucrtbase*\")\n{\n    rm $_.FullName -Force\n    Write-Host \"Removed $($_.FullName)\"\n}\n}\n\n",
+                "failOnStandardError": "true"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "Workaround for long path - DELETE files with path length greater than or equal to 240 characters",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "scriptType": "inlineScript",
+                "scriptName": "",
+                "arguments": "$(Build.SourcesDirectory)",
+                "workingFolder": "$(Build.SourcesDirectory)",
+                "inlineScript": "param($SrcDir)\n$longPath = New-Object System.Collections.ArrayList\ngci \"$SrcDir\\*\" -recurse | where {!$_.PSIsContainer}  | % {\nif ($($_.FullName.Length) -ge 240)\n{\n$longPath.Add($($_.Directory.FullName)) | Out-Null\n}\n}\n$longPath | % {\nStart-Process \"cmd\" -ArgumentList \"/c rd /S /Q $_\" -Wait\nWrite-Host \"DELETED $_\"\n}\n",
+                "failOnStandardError": "true"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": false,
+            "alwaysRun": false,
+            "displayName": "List all files - post delete",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "scriptType": "inlineScript",
+                "scriptName": "",
+                "arguments": "$(Build.SourcesDirectory)",
+                "workingFolder": "$(Build.SourcesDirectory)",
+                "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
+                "failOnStandardError": "true"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "Run BinSkim ",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "3056813a-40e9-4b2f-8f6b-612d1bc4e045",
+                "versionSpec": "3.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "InputType": "CommandLine",
+                "arguments": "analyze security\\*.dll --recurse --sympath security\\*.pdb --verbose --statistics",
+                "Function": "analyze",
+                "AnalyzeTarget": "$(Build.ArtifactStagingDirectory)",
+                "AnalyzeSymPath": "",
+                "AnalyzeConfigPath": "default",
+                "AnalyzePluginPath": "",
+                "AnalyzeRecurse": "true",
+                "AnalyzeVerbose": "true",
+                "AnalyzeHashes": "true",
+                "AnalyzeStatistics": "false",
+                "AnalyzeEnvironment": "false",
+                "ExportRulesOutputType": "SARIF",
+                "DumpTarget": "$(Build.ArtifactStagingDirectory)",
+                "DumpRecurse": "true",
+                "DumpVerbose": "true",
+                "toolVersion": "Latest"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "Run APIScan",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "9adea2b1-3752-438c-80c6-a6f0a812abdd",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "targetMode": "binarysym",
+                "softwareFolder": "$(Build.SourcesDirectory)\\security",
+                "mpdFolder": "",
+                "softwareName": "CoreCLR",
+                "softwareVersionNum": "$(PB_BuildNumber)",
+                "softwareBuildNum": "$(PB_BuildNumber)",
+                "modeType": "prerelease",
+                "noCopySymbols": "false",
+                "noCopyBinaries": "false",
+                "noDecompress": "true",
+                "exclusionList": "",
+                "email": "",
+                "symbolsFolder": "$(Build.SourcesDirectory)\\security",
+                "preBbtBinariesFolder": "",
+                "preBbtSymbolsFolder": "",
+                "isLargeApp": "false",
+                "analyzerTimeout": "00:00:00",
+                "preserveTempFiles": "false",
+                "toolVersion": "Latest"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": false,
+            "alwaysRun": false,
+            "displayName": "git checkout",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "scriptType": "inlineScript",
+                "scriptName": "",
+                "arguments": "$(Build.SourcesDirectory) \"$(PB_Git)\"",
+                "workingFolder": "$(Build.SourcesDirectory)",
+                "inlineScript": "param($SrcDir, $git)\n$pkgExtPath= Join-Path \"$SrcDir\" \"security\"\ngci \"$pkgExtPath\\version.txt\" -Recurse | % { \n$sha = gc $_\nWrite-Host \"$sha\"\nif (-not [string]::IsNullOrWhiteSpace($sha))\n{\nStart-Process \"$git\" -ArgumentList \"checkout -- .\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\nbreak\n}\n}",
+                "failOnStandardError": "true"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "Run CredScan",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "ea576cd4-c61f-48f8-97e7-a3cb07b90a6f",
+                "versionSpec": "2.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "outputFormat": "pre",
+                "toolVersion": "Latest",
+                "scanFolder": "$(Build.SourcesDirectory)",
+                "searchersFileType": "Default",
+                "searchersFile": "",
+                "suppressionsFile": "",
+                "suppressAsError": "false",
+                "batchSize": ""
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "Run PoliCheck",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "d785890c-0d0d-46bd-8167-8fa9d49990c7",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "inputType": "Basic",
+                "cmdLineArgs": "/F:$(Build.SourcesDirectory) /T:9 /O:PoliCheck.xml",
+                "targetType": "F",
+                "targetArgument": "$(Build.SourcesDirectory)",
+                "importEx": "0",
+                "termTypeT": "0029a9",
+                "termTypeTCustom": "9",
+                "termTypeK": "",
+                "termTypeL": "",
+                "EXGT": "false",
+                "result": "PoliCheck.xml",
+                "optionsFC": "1",
+                "optionsXS": "1",
+                "optionsCTGLEN": "",
+                "optionsSEV": "",
+                "optionsPE": "",
+                "optionsHMENABLE": "",
+                "optionsHPATH": "",
+                "optionsHVER": "",
+                "optionsRulesDBPath": "",
+                "optionsRule": "",
+                "optionsXCLASS": "",
+                "optionsTASKNAME": "",
+                "optionsWORKINGDIRECTORY": "",
+                "optionsFTPATH": "",
+                "optionsD": "",
+                "optionsB1": "",
+                "optionsB2": "",
+                "optionsB3": "",
+                "optionsOCDB": "",
+                "toolVersion": "Latest"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "Post Analysis",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "f5679091-e6da-4974-a8dc-0eec03a8ea63",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "APIScan": "true",
+                "BinScope": "false",
+                "BinSkim": "true",
+                "BinSkimBreakOn": "Error",
+                "CredScan": "true",
+                "FortifySCA": "false",
+                "FxCop": "false",
+                "FxCopBreakOn": "ErrorAbove",
+                "ModernCop": "false",
+                "ModernCopBreakOn": "Error",
+                "PoliCheck": "true",
+                "PoliCheckBreakOn": "Severity1",
+                "SDLNativeRules": "false"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "Publish Security Analysis Logs",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "4096c760-3a8a-435d-9689-88c0311bbc0e",
+                "versionSpec": "2.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "ArtifactName": "CodeAnalysisLogs",
+                "ArtifactType": "Container",
+                "TargetPath": "\\\\my\\share\\$(Build.DefinitionName)\\$(Build.BuildNumber)",
+                "RvName": "",
+                "ProductComponentName": "",
+                "ProductVersionNumber": "",
+                "PlatformName": "",
+                "SDLToolName": "",
+                "SDLToolResultFile": ""
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "TSA upload to Codebase: DotNet-CoreCLR-Trusted_master Stamp: Azure",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "3da26988-bb64-4a23-8f06-45531d297dae",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "codebase": "NewOrUpdate",
+                "tsaStamp": "Azure",
+                "tsaWebApiUrl": "$(TSAStamp)",
+                "codeBaseName": "DotNet-CoreCLR-Trusted_master",
+                "notificationAlias": "dncsec@microsoft.com",
+                "codeBaseAdmins": "NORTHAMERICA\\raeda",
+                "instanceUrlAzure": "MSAZURE",
+                "instanceUrlBing": "",
+                "instanceUrlCarbon": "",
+                "instanceUrlDevDiv": "DEVDIV",
+                "instanceUrlSkype": "",
+                "instanceUrlTsa": "",
+                "instanceUrlPpe": "",
+                "projectNameDAIPVSTF": "",
+                "projectNameDYNAMICSCRM": "",
+                "projectNameMSAZURE": "One",
+                "projectNameMSDYENG": "",
+                "projectNameMSECG": "",
+                "projectNameVSTFRD": "",
+                "projectNameMSASG": "",
+                "projectNameMICROSOFTVSTS": "",
+                "projectNameMSDATA": "",
+                "projectNameMSENG": "",
+                "projectNameDEVDIV": "DevDiv",
+                "projectNameSKYPETEST2": "",
+                "projectNameONEDRIVE": "",
+                "projectNameSQLBUVSTS": "",
+                "projectNamePOWERBI": "",
+                "projectNameAZUREVSTFPPE": "",
+                "projectNameSKYPE": "",
+                "projectNameDOMOREEXP": "",
+                "projectNameSQLBUVSTSTEST": "",
+                "areaPath": "One\\DevDiv\\DotNetCore",
+                "iterationPath": "One",
+                "uploadAPIScan": "true",
+                "uploadBinScope": "false",
+                "uploadBinSkim": "true",
+                "uploadCredScan": "true",
+                "uploadFortifySCA": "false",
+                "uploadFxCop": "false",
+                "uploadModernCop": "false",
+                "uploadPoliCheck": "true",
+                "uploadPREfast": "false",
+                "validateToolOutput": "Warning",
+                "validateCompatibility": "Error",
+                "uploadAsync": "true"
+            }
+        },
+        {
+            "enabled": true,
+            "continueOnError": true,
+            "alwaysRun": false,
+            "displayName": "Run clean.cmd",
+            "timeoutInMinutes": 0,
+            "condition": "succeeded()",
+            "task": {
+                "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
+                "versionSpec": "1.*",
+                "definitionType": "task"
+            },
+            "inputs": {
+                "filename": "clean.cmd",
+                "arguments": "-all",
+                "workingFolder": "$(Build.SourcesDirectory)",
+                "failOnStandardError": "false"
+            }
+        }
+    ],
+    "options": [
+        {
+            "enabled": false,
+            "definition": {
+                "id": "5bc3cfb7-6b54-4a4b-b5d2-a3905949f8a6"
+            },
+            "inputs": {}
+        },
+        {
+            "enabled": false,
+            "definition": {
+                "id": "7c555368-ca64-4199-add6-9ebaf0b0137d"
+            },
+            "inputs": {
+                "multipliers": "[]",
+                "parallel": "false",
+                "continueOnError": "true",
+                "additionalFields": "{}"
+            }
+        },
+        {
+            "enabled": false,
+            "definition": {
+                "id": "a9db38f9-9fdc-478c-b0f9-464221e58316"
+            },
+            "inputs": {
+                "workItemType": "234347",
+                "assignToRequestor": "true",
+                "additionalFields": "{}"
+            }
+        },
+        {
+            "enabled": false,
+            "definition": {
+                "id": "57578776-4c22-4526-aeb0-86b6da17ee9c"
+            },
+            "inputs": {}
+        },
+        {
+            "enabled": false,
+            "definition": {
+                "id": "5d58cc01-7c75-450c-be18-a388ddb129ec"
+            },
+            "inputs": {
+                "branchFilters": "[\"+refs/heads/*\"]",
+                "additionalFields": "{}"
+            }
+        }
+    ],
+    "variables": {
+        "system.debug": {
+            "value": "false"
+        }
+    },
+    "demands": [
+        "Agent.OS -equals windows_nt",
+        "msbuild"
+    ],
+    "retentionRules": [
+        {
+            "branches": [
+                "+refs/heads/*"
+            ],
+            "artifacts": [
+                "build.SourceLabel"
+            ],
+            "artifactTypesToDelete": [],
+            "daysToKeep": 10,
+            "minimumToKeep": 1,
+            "deleteBuildRecord": true,
+            "deleteTestResults": true
+        }
+    ],
+    "_links": {
+        "self": {
+            "href": "https://devdiv.visualstudio.com/0bdbc590-a062-4c3f-b0f6-9383f67865ee/_apis/build/Definitions/6389"
+        },
+        "web": {
+            "href": "https://devdiv.visualstudio.com/_permalink/_build/index?collectionId=011b8bdf-6d56-4f87-be0d-0092136884d9&projectId=0bdbc590-a062-4c3f-b0f6-9383f67865ee&definitionId=6389"
+        },
+        "editor": {
+            "href": "https://devdiv.visualstudio.com/_permalink/_build/definitionEditor?collectionId=011b8bdf-6d56-4f87-be0d-0092136884d9&projectId=0bdbc590-a062-4c3f-b0f6-9383f67865ee&definitionId=6389"
+        },
+        "badge": {
+            "href": "https://devdiv.visualstudio.com/_apis/public/build/definitions/0bdbc590-a062-4c3f-b0f6-9383f67865ee/6389/badge"
+        }
+    },
+    "buildNumberFormat": "$(date:yyyyMMdd)$(rev:-rr)",
+    "jobAuthorizationScope": 1,
+    "jobTimeoutInMinutes": 600,
+    "jobCancelTimeoutInMinutes": 5,
+    "badgeEnabled": true,
+    "repository": {
+        "properties": {
+            "cleanOptions": "3",
+            "labelSources": "0",
+            "labelSourcesFormat": "$(build.buildNumber)",
+            "reportBuildStatus": "true",
+            "gitLfsSupport": "false",
+            "skipSyncSource": "false",
+            "checkoutNestedSubmodules": "false",
+            "fetchDepth": "0"
+        },
+        "id": "670e3783-ab4f-44fc-9786-d332007da311",
+        "type": "TfsGit",
+        "name": "DotNet-CoreCLR-Trusted",
+        "url": "https://devdiv.visualstudio.com/DevDiv/_git/DotNet-CoreCLR-Trusted",
+        "defaultBranch": "refs/heads/master",
+        "clean": "false",
+        "checkoutSubmodules": false
+    },
+    "processParameters": {},
+    "quality": 1,
+    "authoredBy": {
+        "id": "9d5fdf9f-36b6-4d0c-a12e-2737a673af94",
+        "displayName": "Ravi Eda",
+        "uniqueName": "raeda@microsoft.com",
+        "url": "https://app.vssps.visualstudio.com/Aa44b2c06-f247-425c-8464-4a0676af910a/_apis/Identities/9d5fdf9f-36b6-4d0c-a12e-2737a673af94",
+        "imageUrl": "https://devdiv.visualstudio.com/_api/_common/identityImage?id=9d5fdf9f-36b6-4d0c-a12e-2737a673af94"
+    },
+    "queue": {
+        "id": 36,
+        "name": "DotNet-Build",
+        "pool": {
+            "id": 39,
+            "name": "DotNet-Build"
+        }
+    },
+    "id": 6389,
+    "name": "DotNet-CoreCLR-Security-Windows",
+    "url": "https://devdiv.visualstudio.com/0bdbc590-a062-4c3f-b0f6-9383f67865ee/_apis/build/Definitions/6389",
+    "uri": "vstfs:///Build/Definition/6389",
+    "path": "\\",
+    "revision": 2,
+    "createdDate": "2017-06-13T19:06:48.730Z",
+    "project": {
+        "id": "0bdbc590-a062-4c3f-b0f6-9383f67865ee",
+        "name": "DevDiv",
+        "description": "Visual Studio and DevDiv team project for git source code repositories.  Work items will be added for Adams, Dev14 work items are tracked in vstfdevdiv.  ",
+        "url": "https://devdiv.visualstudio.com/_apis/projects/0bdbc590-a062-4c3f-b0f6-9383f67865ee",
+        "state": "wellFormed",
+        "revision": 418097695,
+        "visibility": 0
+    }
+}
diff --git a/src/coreclr/buildpipeline/security/pipeline.json b/src/coreclr/buildpipeline/security/pipeline.json
new file mode 100644
index 0000000..95416f0
--- /dev/null
+++ b/src/coreclr/buildpipeline/security/pipeline.json
@@ -0,0 +1,22 @@
+{
+    "Repository": "coreclr",
+    "Definitions": {
+        "Path": ".",
+        "Type": "VSTS",
+        "BaseUrl": "https://devdiv.visualstudio.com/DefaultCollection",
+        "SkipBranchAndVersionOverrides": "false"
+    },
+    "Pipelines": [
+        {
+            "Name": "Security Build for Windows",
+            "Parameters": {
+                "TreatWarningsAsErrors": "false"
+            },
+            "Definitions": [
+                {
+                    "Name": "DotNet-CoreCLR-Security-Windows"
+                }
+            ]
+        }
+    ]
+}