Move from CFG to XFG when XFG works and is mandatory #11948
Labels
Area-Build: Issues pertaining to the build system, CI, infrastructure, meta
Issue-Task: It's a feature request, but it doesn't really need a major design.
Needs-Tag-Fix: Doesn't match tag requirements
Product-Meta: The product is the management of the products.
miniksa added the Area-Build, Product-Meta and Issue-Task labels on Dec 15, 2021
ghost added the Needs-Triage label (It's a new issue that the core contributor team needs to triage at the next triage meeting) on Dec 15, 2021
zadjii-msft modified the milestones: Engineering Improvements 2021, Engineering Improvements on Jan 3, 2022
zadjii-msft removed the Needs-Triage label on Jan 3, 2022
ghost pushed a commit that referenced this issue on Jan 5, 2022

Enables a series of tasks run against our release pipeline that validate the security and compliance status of our code in an automated fashion. These checks include:

- Component Governance - (we had this one, it was moved to here) - Inventories open-source components used in our build
- PREfast - C/C++ static analysis for common code errors and exploits
- Policheck - Searches source code, comments, and text for words that could be sensitive legally, culturally, or geopolitically
- Credscan - Looks for credentials left behind in the code/documents and build output files
- BinSkim - Searches for common vulnerabilities in binaries
- CheckCFlags - Validates that compile/link flags match the policies recommended by Windows engineering for inclusion into the OS product image
- CFGCheck/XFGCheck - Validates that the CFG and/or XFG settings were enabled at compile and link time to guard against control flow attacks.

We're also required to run the SBOM one, but that was done in a separate PR and we're still pending the detectors being updated.

## References
- #11948 - Move from CFG to XFG once XFG task folks get back to me on it
- #11949 - Enable bug filing for SecComp tasks
- #11950 - Bulk process bugs filed by SecComp tasks
- #11947 - Validate SBOM when checkers come online

## Checklist
- [x] - Fixes #10735
- [x] - Fixes #908
- [x] - I work here
- [x] - If it fits, it sits.
miniksa added a commit that referenced this issue on Jan 10, 2022

Enables a series of tasks run against our release pipeline that validate the security and compliance status of our code in an automated fashion. These checks include:

- Component Governance - (we had this one, it was moved to here) - Inventories open-source components used in our build
- PREfast - C/C++ static analysis for common code errors and exploits
- Policheck - Searches source code, comments, and text for words that could be sensitive legally, culturally, or geopolitically
- Credscan - Looks for credentials left behind in the code/documents and build output files
- BinSkim - Searches for common vulnerabilities in binaries
- CheckCFlags - Validates that compile/link flags match the policies recommended by Windows engineering for inclusion into the OS product image
- CFGCheck/XFGCheck - Validates that the CFG and/or XFG settings were enabled at compile and link time to guard against control flow attacks.

We're also required to run the SBOM one, but that was done in a separate PR and we're still pending the detectors being updated.

- #11948 - Move from CFG to XFG once XFG task folks get back to me on it
- #11949 - Enable bug filing for SecComp tasks
- #11950 - Bulk process bugs filed by SecComp tasks
- #11947 - Validate SBOM when checkers come online

- [x] - Fixes #10735
- [x] - Fixes #908
- [x] - I work here
- [x] - If it fits, it sits.
microsoft-github-policy-service (bot) added the Needs-Tag-Fix label on Mar 5, 2024
Tidying up |