diff --git a/eng/ci/official-build.yml b/eng/ci/official-build.yml index ab2dc8020..52562bc19 100644 --- a/eng/ci/official-build.yml +++ b/eng/ci/official-build.yml @@ -39,6 +39,8 @@ extends: image: 1es-windows-2022 os: windows sdl: + codeql: + excludePathPatterns: '/deps' codeSignValidation: enabled: true break: true diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index 675597448..618b3a5bf 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -41,6 +41,7 @@ extends: compiled: enabled: true # still only runs for default branch runSourceLanguagesInSourceAnalysis: true + excludePathPatterns: '/deps' settings: skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }} stages: diff --git a/pack/templates/macos_64_env_gen.yml b/pack/templates/macos_64_env_gen.yml index 9bf2027ab..90a3578d7 100644 --- a/pack/templates/macos_64_env_gen.yml +++ b/pack/templates/macos_64_env_gen.yml @@ -16,6 +16,7 @@ steps: pip install pip-audit pip-audit -r requirements.txt displayName: 'Run vulnerability scan' + condition: ne(variables['pythonVersion'], '3.7') - task: CopyFiles@2 inputs: contents: | diff --git a/pack/templates/nix_env_gen.yml b/pack/templates/nix_env_gen.yml index b89d48133..ae3cf4330 100644 --- a/pack/templates/nix_env_gen.yml +++ b/pack/templates/nix_env_gen.yml @@ -16,6 +16,7 @@ steps: pip install pip-audit pip-audit -r requirements.txt displayName: 'Run vulnerability scan' + condition: ne(variables['pythonVersion'], '3.7') - task: CopyFiles@2 inputs: contents: | diff --git a/pack/templates/win_env_gen.yml b/pack/templates/win_env_gen.yml index 8e9b0321c..2eee3411a 100644 --- a/pack/templates/win_env_gen.yml +++ b/pack/templates/win_env_gen.yml @@ -16,6 +16,7 @@ steps: pip install pip-audit pip-audit -r requirements.txt displayName: 'Run vulnerability scan' + condition: ne(variables['pythonVersion'], '3.7') - task: CopyFiles@2 inputs: contents: |