fix: codeql exclusion for third party dependencies (#1617)

hallvictoria · Victoria Hall · web-flow · commit 6f00a89ba7d2 · 2024-12-04T16:56:20.000-06:00
* codeql exclusion + skip scan for 3.7

* formatting

---------

Co-authored-by: Victoria Hall &lt;victoria.hall@microsoft.com&gt;
diff --git a/eng/ci/official-build.yml b/eng/ci/official-build.yml
@@ -39,6 +39,8 @@ extends:
       image: 1es-windows-2022
       os: windows
     sdl:
+      codeql:
+        excludePathPatterns: '/deps'
       codeSignValidation:
         enabled: true
         break: true
diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml
@@ -41,6 +41,7 @@ extends:
          compiled:
            enabled: true # still only runs for default branch
          runSourceLanguagesInSourceAnalysis: true
+         excludePathPatterns: '/deps'
     settings:
       skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }}
     stages:
diff --git a/pack/templates/macos_64_env_gen.yml b/pack/templates/macos_64_env_gen.yml
@@ -16,6 +16,7 @@ steps:
     pip install pip-audit
     pip-audit -r requirements.txt
   displayName: 'Run vulnerability scan'
+  condition: ne(variables['pythonVersion'], '3.7')
 - task: CopyFiles@2
   inputs:
     contents: |
diff --git a/pack/templates/nix_env_gen.yml b/pack/templates/nix_env_gen.yml
@@ -16,6 +16,7 @@ steps:
     pip install pip-audit
     pip-audit -r requirements.txt
   displayName: 'Run vulnerability scan'
+  condition: ne(variables['pythonVersion'], '3.7')
 - task: CopyFiles@2
   inputs:
     contents: |
diff --git a/pack/templates/win_env_gen.yml b/pack/templates/win_env_gen.yml
@@ -16,6 +16,7 @@ steps:
     pip install pip-audit
     pip-audit -r requirements.txt
   displayName: 'Run vulnerability scan'
+  condition: ne(variables['pythonVersion'], '3.7')
 - task: CopyFiles@2
   inputs:
     contents: |
