codeql exclusion + skip scan for 3.7

Azure · Dec 4, 2024 · dfa6488 · dfa6488
1 parent 9151ecd
commit dfa6488
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 0 deletions.
diff --git a/eng/ci/official-build.yml b/eng/ci/official-build.yml
@@ -31,6 +31,7 @@ variables:
   - template: /eng/templates/utils/variables.yml@self
   - template: /eng/templates/utils/official-variables.yml@self
 
+
 extends:
   template: v1/1ES.Official.PipelineTemplate.yml@1es
   parameters:
@@ -39,6 +40,8 @@ extends:
       image: 1es-windows-2022
       os: windows
     sdl:
+      codeql:
+        excludePathPatterns: '/deps'
       codeSignValidation:
         enabled: true
         break: true

diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml
@@ -41,6 +41,7 @@ extends:
          compiled:
            enabled: true # still only runs for default branch
          runSourceLanguagesInSourceAnalysis: true
+         excludePathPatterns: '/deps'
     settings:
       skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }}
     stages:

diff --git a/pack/templates/macos_64_env_gen.yml b/pack/templates/macos_64_env_gen.yml
@@ -16,6 +16,7 @@ steps:
     pip install pip-audit
     pip-audit -r requirements.txt
   displayName: 'Run vulnerability scan'
+  condition: ne(variables['pythonVersion'], '3.7')
 - task: CopyFiles@2
   inputs:
     contents: |

diff --git a/pack/templates/nix_env_gen.yml b/pack/templates/nix_env_gen.yml
@@ -16,6 +16,7 @@ steps:
     pip install pip-audit
     pip-audit -r requirements.txt
   displayName: 'Run vulnerability scan'
+  condition: ne(variables['pythonVersion'], '3.7')
 - task: CopyFiles@2
   inputs:
     contents: |

diff --git a/pack/templates/win_env_gen.yml b/pack/templates/win_env_gen.yml
@@ -16,6 +16,7 @@ steps:
     pip install pip-audit
     pip-audit -r requirements.txt
   displayName: 'Run vulnerability scan'
+  condition: ne(variables['pythonVersion'], '3.7')
 - task: CopyFiles@2
   inputs:
     contents: |