Skip to content

[release/9.0] Add CG.ignoreDirectories in ci.yml and specify sdk in global.json #1434

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 21, 2025
Merged

[release/9.0] Add CG.ignoreDirectories in ci.yml and specify sdk in global.json #1434

merged 1 commit into from
Oct 21, 2025

Conversation

@MichaelSimons
Copy link
Member

@MichaelSimons MichaelSimons commented Oct 20, 2025

Related to #1433

There are two issues being addressed:

  1. 1ES template CG step is detecting the reference packages themselves. These are intended to be ignored as seen in the arcade SB template. Something changes in the templates causing the 1EST template to catch these.
  2. global.json was not specifying the sdk settings therefore the latest SDK on the build agent was getting picked up which was vulnerable (unpatched newer feature band).

@MichaelSimons MichaelSimons requested a review from a team as a code owner October 20, 2025 22:02
@MichaelSimons MichaelSimons changed the title Add CG.ignoreDirectories in ci.yml and specify sdk in global.json [release/9.0] Add CG.ignoreDirectories in ci.yml and specify sdk in global.json Oct 20, 2025
MichaelSimons
MichaelSimons commented Oct 20, 2025
View reviewed changes
@MichaelSimons MichaelSimons mentioned this pull request Oct 21, 2025
Open
@MichaelSimons MichaelSimons merged commit a9cadb0 into release/9.0 Oct 21, 2025
4 checks passed
@MichaelSimons MichaelSimons deleted the CG-9.0 branch October 21, 2025 13:28
@MichaelSimons MichaelSimons mentioned this pull request Oct 21, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mthalman mthalman mthalman approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MichaelSimons @mthalman