Remove AsyncSDL from Pipelines Toggle Official/NonOfficial Runs #25885

Open
wants to merge 5 commits into
base: master

jshigetomi
Collaborator

  • Remove asyncSDL and add officialness parameter to all pipelines
  • Use boolean for toggling official and toggle release environment
  • Turn on binskim globalization invariant
  • Try as a variable
  • Set binskim exact tool version to 4.4.2

PR Summary

This pull request updates several Azure Pipeline YAML files to improve build configuration flexibility and security scanning consistency. The main changes introduce a new OfficialBuild parameter to control template selection and environment variables, standardize the use of BinSkim with a fixed tool version, and clean up legacy or redundant SDL scanning steps.

Build configuration improvements:

  • Added an OfficialBuild boolean parameter to multiple pipeline YAML files to allow conditional selection of official vs. non-official build templates. This enables more flexible build configurations based on the build type.
  • Updated template references to use the new templateFile variable, which is set based on the OfficialBuild parameter, ensuring the correct pipeline template is used for each build.

Security scanning adjustments:

  • Set exactToolVersion: 4.4.2 for BinSkim across all pipelines to standardize the tool version and avoid compatibility issues.
  • Disabled BinSkim at the job level and set related environment variables to fix known issues with ICU packages in Linux containers.
  • Enabled incrementalSDLBinaryAnalysis in feature flags for more efficient and targeted security analysis.

Legacy and redundant step clean-up:

  • Removed legacy or redundant asyncSDL and credscan steps from several pipeline configurations to simplify and modernize the security scanning process.

Environment variable management:

  • Added logic to set the releaseEnvironment variable based on the OfficialBuild parameter, ensuring the correct environment context for release pipelines.

These changes collectively improve pipeline maintainability, security scanning reliability, and build environment flexibility.

PR Context

PR Checklist

jshigetomi requested a review from a team as a code owner August 21, 2025 21:46
jshigetomi added labels Aug 21, 2025: CL-BuildPackaging (Indicates that a PR should be marked as a build or packaging change in the Change Log), BackPort-7.4.x-Consider, BackPort-7.5.x-Consider