fix: codeql exclusion for third party dependencies (#1617)

* codeql exclusion + skip scan for 3.7 * formatting --------- Co-authored-by: Victoria Hall <[email protected]>
Azure · Dec 4, 2024 · 6f00a89 · 6f00a89
1 parent 9151ecd
commit 6f00a89
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 0 deletions.
diff --git a/eng/ci/official-build.yml b/eng/ci/official-build.yml
@@ -39,6 +39,8 @@ extends:
       image: 1es-windows-2022
       os: windows
     sdl:
+      codeql:
+        excludePathPatterns: '/deps'
       codeSignValidation:
         enabled: true
         break: true

diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml
@@ -41,6 +41,7 @@ extends:
          compiled:
            enabled: true # still only runs for default branch
          runSourceLanguagesInSourceAnalysis: true
+         excludePathPatterns: '/deps'
     settings:
       skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }}
     stages:

diff --git a/pack/templates/macos_64_env_gen.yml b/pack/templates/macos_64_env_gen.yml
@@ -16,6 +16,7 @@ steps:
     pip install pip-audit
     pip-audit -r requirements.txt
   displayName: 'Run vulnerability scan'
+  condition: ne(variables['pythonVersion'], '3.7')
 - task: CopyFiles@2
   inputs:
     contents: |

diff --git a/pack/templates/nix_env_gen.yml b/pack/templates/nix_env_gen.yml
@@ -16,6 +16,7 @@ steps:
     pip install pip-audit
     pip-audit -r requirements.txt
   displayName: 'Run vulnerability scan'
+  condition: ne(variables['pythonVersion'], '3.7')
 - task: CopyFiles@2
   inputs:
     contents: |

diff --git a/pack/templates/win_env_gen.yml b/pack/templates/win_env_gen.yml
@@ -16,6 +16,7 @@ steps:
     pip install pip-audit
     pip-audit -r requirements.txt
   displayName: 'Run vulnerability scan'
+  condition: ne(variables['pythonVersion'], '3.7')
 - task: CopyFiles@2
   inputs:
     contents: |