Investigate Component Governance runs in .NET builds #15143
Assignees
Labels
Central-EngSys
This issue is owned by the Engineering System team.
EngSys
This issue is impacting the engineering system.
Comments
kurtzeborn
added
the
Central-EngSys
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
See #14989 (comment) for some discussion.
Originally the Analyze Job ran after the Build job so that it could download and analyze the nupkg packages we are building. However that does not seem to be the case any longer and thus it is only running on packages that are committed in the repo. However I just looked at our CG runs and the packages are present and it looks like they are getting analyzed in our dev publishing step instead.
We should go through and remove the CG steps (and disable the auto-injected step) from our Analyze step and make that an explicit step in our publish job so we don't accidently stop analyzing these.
The text was updated successfully, but these errors were encountered: