diff --git a/eng/ci/official-build.yml b/eng/ci/official-build.yml index ab2dc802..52562bc1 100644 --- a/eng/ci/official-build.yml +++ b/eng/ci/official-build.yml @@ -39,6 +39,8 @@ extends: image: 1es-windows-2022 os: windows sdl: + codeql: + excludePathPatterns: '/deps' codeSignValidation: enabled: true break: true diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index 67559744..618b3a5b 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -41,6 +41,7 @@ extends: compiled: enabled: true # still only runs for default branch runSourceLanguagesInSourceAnalysis: true + excludePathPatterns: '/deps' settings: skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }} stages: diff --git a/pack/templates/macos_64_env_gen.yml b/pack/templates/macos_64_env_gen.yml index 9bf2027a..90a3578d 100644 --- a/pack/templates/macos_64_env_gen.yml +++ b/pack/templates/macos_64_env_gen.yml @@ -16,6 +16,7 @@ steps: pip install pip-audit pip-audit -r requirements.txt displayName: 'Run vulnerability scan' + condition: ne(variables['pythonVersion'], '3.7') - task: CopyFiles@2 inputs: contents: | diff --git a/pack/templates/nix_env_gen.yml b/pack/templates/nix_env_gen.yml index b89d4813..ae3cf433 100644 --- a/pack/templates/nix_env_gen.yml +++ b/pack/templates/nix_env_gen.yml @@ -16,6 +16,7 @@ steps: pip install pip-audit pip-audit -r requirements.txt displayName: 'Run vulnerability scan' + condition: ne(variables['pythonVersion'], '3.7') - task: CopyFiles@2 inputs: contents: | diff --git a/pack/templates/win_env_gen.yml b/pack/templates/win_env_gen.yml index 8e9b0321..2eee3411 100644 --- a/pack/templates/win_env_gen.yml +++ b/pack/templates/win_env_gen.yml @@ -16,6 +16,7 @@ steps: pip install pip-audit pip-audit -r requirements.txt displayName: 'Run vulnerability scan' + condition: ne(variables['pythonVersion'], '3.7') - task: CopyFiles@2 inputs: contents: |