Update Pipelines (#549)

Update PR and Release pipelines
2023-06-19 16:00:01 -07:00 · 2023-06-19 16:00:01 -07:00 · bd25052fd2
--- a/Pipelines/appinspector-pr.yml
+++ b/Pipelines/appinspector-pr.yml
@ -0,0 +1,115 @@
+name: ApplicationInspector_PR_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)
+trigger: none
+pr:
+  branches:
+    include:
+    - main
+  paths:
+    include:
+    - Pipelines
+    - AppInspector/*
+    - AppInspector.CLI/*
+    - AppInspector.Common/*
+    - AppInspector.Logging/*
+    - AppInspector.RulesEngine/*
+    - AppInspector.Tests/*
+    - AppInspector.Tests.CLI/*
+
+resources:
+  repositories:
+    - repository: templates
+      type: git
+      name: SecurityEngineering/OSS-Tools-Pipeline-Templates
+      ref: refs/tags/v1.0.7
+
+variables:
+  BuildConfiguration: 'Release'
+  DotnetVersion: '7.0.x'
+  DotnetVersionLTS: '6.0.x'
+  DotnetTargetFramework: 'net7.0'
+
+stages:
+- stage: Test
+  dependsOn: []
+  jobs:
+  - template: dotnet-test-job.yml@templates
+    parameters:
+      jobName: 'dotnet_test_windows'
+      dotnetVersion: ${{ variables.DotnetVersion }}
+      dotnetVersionLTS: ${{ variables.DotnetVersionLTS }}
+      vmImage: 'oss-tools-win2022_1es-managed'
+      projectPath: 'AppInspector.Tests/AppInspector.Tests.csproj'
+
+- stage: SDL
+  dependsOn: []
+  jobs:
+  - template: sdl-job.yml@templates
+
+- stage: Build
+  dependsOn:
+  - Test
+  jobs:
+  - template: dotnet-publish-linux-mac-job.yml@templates
+    parameters:
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
+      targetFramework: '${{ variables.DotnetTargetFramework }}'
+      projectPath: 'AppInspector.CLI/AppInspector.CLI.csproj'
+      projectName: 'ApplicationInspector'
+      exePath: 'ApplicationInspector.CLI'
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates
+  - template: dotnet-publish-win-netcore-job.yml@templates
+    parameters:
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
+      targetFramework: '${{ variables.DotnetTargetFramework }}'
+      projectPath: 'AppInspector.CLI/AppInspector.CLI.csproj'
+      projectName: 'ApplicationInspector'
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates
+  - template: nuget-build-job.yml@templates
+    parameters:
+      jobName: 'pack_lib'
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
+      projectPath: 'AppInspector/AppInspector.Commands.csproj'
+      projectName: 'ApplicationInspector_Commands'
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates
+  - template: nuget-build-job.yml@templates
+    parameters:
+      jobName: 'pack_engine'
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
+      projectPath: 'AppInspector.RulesEngine/AppInspector.RulesEngine.csproj'
+      projectName: 'ApplicationInspector_RulesEngine'
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates
+  - template: nuget-build-job.yml@templates
+    parameters:
+      jobName: 'pack_common'
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
+      projectPath: 'AppInspector.Common/AppInspector.Common.csproj'
+      projectName: 'ApplicationInspector_Common'
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates
+  - template: nuget-build-job.yml@templates
+    parameters:
+      jobName: 'pack_logging'
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
+      projectPath: 'AppInspector.Logging/AppInspector.Logging.csproj'
+      projectName: 'ApplicationInspector_Logging'
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates
+  - template: nuget-build-job.yml@templates
+    parameters:
+      jobName: 'pack_cli'
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
+      projectPath: 'AppInspector.CLI/AppInspector.CLI.csproj'
+      projectName: 'ApplicationInspector_CLI'
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates
--- a/Pipelines/appinspector-release.yml
+++ b/Pipelines/appinspector-release.yml
@ -1,17 +1,4 @@
-# Azure Pipelines
-# https://aka.ms/yaml
-
-variables:
- name: CurrentSDK
-  value: 7.0.x
- name: CurrentFramework
-  value: net7.0
- name: LTS_SDK
-  value: 6.0.x
- name: LTS_Framework
-  value: net6.0
-
-name: ApplicationInspector_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)
+name: ApplicationInspector_Release_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)
 trigger:
  batch: true
  branches:
@ -24,112 +11,124 @@ trigger:
    - AppInspector.Common/*
    - AppInspector.Logging/*
    - AppInspector.RulesEngine/*
-pr:
-  branches:
-    include:
-    - main
-  paths:
-    include:
-    - Pipelines
-    - AppInspector/*
-    - AppInspector.CLI/*
-    - AppInspector.Common/*
-    - AppInspector.Logging/*
-    - AppInspector.RulesEngine/*
-    - AppInspector.Tests/*
-    - AppInspector.Tests.CLI/*
+pr: none
+
+resources:
+  repositories:
+    - repository: templates
+      type: git
+      name: SecurityEngineering/OSS-Tools-Pipeline-Templates
+      ref: refs/tags/v1.0.7
+
+variables:
+  BuildConfiguration: 'Release'
+  DotnetVersion: '7.0.x'
+  DotnetVersionLTS: '6.0.x'
+  DotnetTargetFramework: 'net7.0'

 stages:
 - stage: Test
+  dependsOn: []
  jobs:
-  - template: templates/dotnet-test-job.yml
+  - template: dotnet-test-job.yml@templates
    parameters:
-      jobName: "test_current"
-      dotnetVersion: ${{ variables.currentSDK }}
-      dotnetVersionLTS: ${{ variables.LTS_SDK }}
+      jobName: 'dotnet_test_windows'
+      dotnetVersion: ${{ variables.DotnetVersion }}
+      dotnetVersionLTS: ${{ variables.DotnetVersionLTS }}
+      vmImage: 'oss-tools-win2022_1es-managed'
      projectPath: 'AppInspector.Tests/AppInspector.Tests.csproj'
-      
+
 - stage: SDL
-  dependsOn: Test
+  dependsOn: []
  jobs:
-  - template: templates/sdl-job.yml
-    parameters:
-      serviceTreeID: '80207f22-ee58-4fd1-bdd5-4b1ecc3e7c9f'
+  - template: sdl-job.yml@templates
      
 - stage: Build
-  dependsOn: Test
+  dependsOn:
+  - Test
  jobs:
-  - template: templates/dotnet-publish-linux-mac-job.yml
+  - template: dotnet-publish-linux-mac-job.yml@templates
    parameters:
-      dotnetVersion: '${{ variables.CurrentSDK }}'
-      publishFrameworkVersion: '${{ variables.CurrentFramework }}'
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
+      targetFramework: '${{ variables.DotnetTargetFramework }}'
+      projectPath: 'AppInspector.CLI/AppInspector.CLI.csproj'
+      projectName: 'ApplicationInspector'
+      exePath: 'ApplicationInspector.CLI'
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates
+  - template: dotnet-publish-win-netcore-job.yml@templates
+    parameters:
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
+      targetFramework: '${{ variables.DotnetTargetFramework }}'
      projectPath: 'AppInspector.CLI/AppInspector.CLI.csproj'
      projectName: 'ApplicationInspector'
      preBuild:
-      - template: templates/nbgv-set-version-steps.yml
-  - template: templates/dotnet-publish-win-netcore-job.yml
-    parameters:
-      dotnetVersion: '${{ variables.CurrentSDK }}'
-      publishFrameworkVersion: '${{ variables.CurrentFramework }}'
-      projectPath: 'AppInspector.CLI/AppInspector.CLI.csproj'
-      projectName: 'ApplicationInspector'
-      preBuild:
-      - template: templates/nbgv-set-version-steps.yml
-  - template: templates/nuget-build-job.yml
+      - template: nbgv-set-version-steps.yml@templates
+  - template: nuget-build-job.yml@templates
    parameters:
      jobName: 'pack_lib'
-      dotnetVersion: '${{ variables.CurrentSDK }}'
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
      projectPath: 'AppInspector/AppInspector.Commands.csproj'
      projectName: 'ApplicationInspector_Commands'
-  - template: templates/nuget-build-job.yml
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates
+  - template: nuget-build-job.yml@templates
    parameters:
      jobName: 'pack_engine'
-      dotnetVersion: '${{ variables.CurrentSDK }}'
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
      projectPath: 'AppInspector.RulesEngine/AppInspector.RulesEngine.csproj'
      projectName: 'ApplicationInspector_RulesEngine'
-  - template: templates/nuget-build-job.yml
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates
+  - template: nuget-build-job.yml@templates
    parameters:
      jobName: 'pack_common'
-      dotnetVersion: '${{ variables.CurrentSDK }}'
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
      projectPath: 'AppInspector.Common/AppInspector.Common.csproj'
      projectName: 'ApplicationInspector_Common'
-  - template: templates/nuget-build-job.yml
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates
+  - template: nuget-build-job.yml@templates
    parameters:
      jobName: 'pack_logging'
-      dotnetVersion: '${{ variables.CurrentSDK }}'
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
      projectPath: 'AppInspector.Logging/AppInspector.Logging.csproj'
      projectName: 'ApplicationInspector_Logging'
-  - template: templates/nuget-build-job.yml
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates
+  - template: nuget-build-job.yml@templates
    parameters:
      jobName: 'pack_cli'
-      dotnetVersion: '${{ variables.CurrentSDK }}'
+      buildConfiguration: '${{ variables.BuildConfiguration }}'
+      dotnetVersion: ${{ variables.DotnetVersion }}
      projectPath: 'AppInspector.CLI/AppInspector.CLI.csproj'
      projectName: 'ApplicationInspector_CLI'
+      preBuild:
+      - template: nbgv-set-version-steps.yml@templates

 - stage: Release
  dependsOn:
  - SDL
  - Build
-  condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
+  condition: succeeded()
  jobs:
  - job: sign_hash_release
    displayName: Code Sign, Generate Hashes, Publish Public Releases
    pool:
-      vmImage: 'windows-latest'
+      name: 'OSS-Tools-1ESPool'
+      vmImage: 'oss-tools-win2022_1es-managed'
    steps:
-    - task: UseDotNet@2
+    - task: UseDotNet@2 # For ESRP. Do not use variable.
      inputs:
        packageType: 'sdk'
-        version: '${{ variables.CurrentSDK }}'
-    - script: 'dotnet tool update -g nbgv'
-      displayName: 'Install GitVersioning'
-    - task: PowerShell@2
-      displayName: Set Release Version
-      inputs:
-        targetType: 'inline'
-        script: |
-          $version = (nbgv get-version -v AssemblyInformationalVersion).split('+')[0]
-          Write-Host "##vso[task.setvariable variable=ReleaseVersion;]$version"
+        version: '6.0.x'
+    - template: nbgv-set-version-steps.yml@templates
    - task: DownloadBuildArtifacts@0
      displayName: Download Unsigned Archives
      inputs:
@ -155,16 +154,13 @@ stages:
        TreatSignatureUpdateFailureAs: 'Warning'
        SignatureFreshness: 'UpToDate'
        TreatStaleSignatureAs: 'Warning'
-    - task: UseDotNet@2
-      inputs:
-        packageType: 'sdk'
-        version: '2.1.804'
+    # First party code signing
    - task: EsrpCodeSigning@1
-      displayName: Code Sign Linux
+      displayName: First Party Code Sign Linux
      inputs:
        ConnectedServiceName: 'AppInspector_CodeSign'
        FolderPath: '$(Build.BinariesDirectory)/linux/ApplicationInspector_linux_$(ReleaseVersion)'
-        Pattern: 'ApplicationInspector.CLI.dll, ApplicationInspector.Commands.dll, ApplicationInspector.RulesEngine.dll'
+        Pattern: 'ApplicationInspector.*.dll, OAT.dll, RecursiveExtractor.dll, Sarif.dll'
        signConfigType: 'inlineSignParams'
        inlineOperation: |
          [
@ -193,11 +189,11 @@ stages:
        MaxConcurrency: '50'
        MaxRetryAttempts: '5'
    - task: EsrpCodeSigning@1
-      displayName: Code Sign MacOS
+      displayName: First Party Code Sign MacOS
      inputs:
        ConnectedServiceName: 'AppInspector_CodeSign'
        FolderPath: '$(Build.BinariesDirectory)/macos/ApplicationInspector_macos_$(ReleaseVersion)'
-        Pattern: 'ApplicationInspector.CLI.dll, ApplicationInspector.Commands.dll, ApplicationInspector.RulesEngine.dll, ApplicationInspector.Common.dll'
+        Pattern: 'ApplicationInspector.*.dll, OAT.dll, RecursiveExtractor.dll, Sarif.dll'
        signConfigType: 'inlineSignParams'
        inlineOperation: |
          [
@ -226,11 +222,11 @@ stages:
        MaxConcurrency: '50'
        MaxRetryAttempts: '5'
    - task: EsrpCodeSigning@1
-      displayName: Code Sign Windows
+      displayName: First Party Code Sign Windows
      inputs:
        ConnectedServiceName: 'AppInspector_CodeSign'
        FolderPath: '$(Build.BinariesDirectory)/win/ApplicationInspector_win_$(ReleaseVersion)'
-        Pattern: 'ApplicationInspector.CLI.dll, ApplicationInspector.CLI.exe, ApplicationInspector.Commands.dll, ApplicationInspector.RulesEngine.dll, ApplicationInspector.Common.dll'
+        Pattern: 'ApplicationInspector.*.dll, ApplicationInspector.CLI.exe, OAT.dll, RecursiveExtractor.dll, Sarif.dll'
        signConfigType: 'inlineSignParams'
        inlineOperation: |
          [
@ -259,11 +255,11 @@ stages:
        MaxConcurrency: '50'
        MaxRetryAttempts: '5'
    - task: EsrpCodeSigning@1
-      displayName: Code Sign .NET Core App
+      displayName: First Party Code Sign .NET Core App
      inputs:
        ConnectedServiceName: 'AppInspector_CodeSign'
        FolderPath: '$(Build.BinariesDirectory)/netcoreapp/ApplicationInspector_netcoreapp_$(ReleaseVersion)'
-        Pattern: 'ApplicationInspector.CLI.dll, ApplicationInspector.CLI.exe, ApplicationInspector.Commands.dll, ApplicationInspector.RulesEngine.dll, ApplicationInspector.Common.dll'
+        Pattern: 'ApplicationInspector.*.dll, ApplicationInspector.CLI.exe, OAT.dll, RecursiveExtractor.dll, Sarif.dll'
        signConfigType: 'inlineSignParams'
        inlineOperation: |
          [
@ -291,6 +287,140 @@ stages:
        SessionTimeout: '60'
        MaxConcurrency: '50'
        MaxRetryAttempts: '5'
+    # Third party code signing
+    - task: EsrpCodeSigning@1
+      displayName: Third Party Code Sign Linux
+      inputs:
+        ConnectedServiceName: 'AppInspector_CodeSign'
+        FolderPath: '$(Build.BinariesDirectory)/linux/ApplicationInspector_linux_$(ReleaseVersion)'
+        Pattern: 'CommandLine.dll, DiscUtils.*.dll, DotLiquid.dll, gfs.YamlDotNet.YamlPath.dll, Glob.dll, ICSharpCode.*.dll, JsonCons.*.dll, KellermanSoftware.Compare-NET-Objects.dll, LibGit2Sharp.dll, lzo.net.dll, Newtonsoft.Json.dll, NLog.dll, Serilog.dll, Serilog.*.dll, SharpCompress.dll, ShellProgressBar.dll, YamlDotNet.dll'
+        signConfigType: 'inlineSignParams'
+        inlineOperation: |
+          [
+                  {
+                      "KeyCode" : "CP-231522",
+                      "OperationCode" : "SigntoolSign",
+                      "Parameters" : {
+                          "OpusName" : "Microsoft",
+                          "OpusInfo" : "http://www.microsoft.com",
+                          "FileDigest" : "/fd \"SHA256\"",
+                          "PageHash" : "/NPH",
+                          "TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
+                      },
+                      "ToolName" : "sign",
+                      "ToolVersion" : "1.0"
+                  },
+                  {
+                      "KeyCode" : "CP-231522",
+                      "OperationCode" : "SigntoolVerify",
+                      "Parameters" : {},
+                      "ToolName" : "sign",
+                      "ToolVersion" : "1.0"
+                  }
+              ]
+        SessionTimeout: '60'
+        MaxConcurrency: '50'
+        MaxRetryAttempts: '5'
+    - task: EsrpCodeSigning@1
+      displayName: Third Party Code Sign MacOS
+      inputs:
+        ConnectedServiceName: 'AppInspector_CodeSign'
+        FolderPath: '$(Build.BinariesDirectory)/macos/ApplicationInspector_macos_$(ReleaseVersion)'
+        Pattern: 'CommandLine.dll, DiscUtils.*.dll, DotLiquid.dll, gfs.YamlDotNet.YamlPath.dll, Glob.dll, ICSharpCode.*.dll, JsonCons.*.dll, KellermanSoftware.Compare-NET-Objects.dll, LibGit2Sharp.dll, lzo.net.dll, Newtonsoft.Json.dll, NLog.dll, Serilog.dll, Serilog.*.dll, SharpCompress.dll, ShellProgressBar.dll, YamlDotNet.dll'
+        signConfigType: 'inlineSignParams'
+        inlineOperation: |
+          [
+                  {
+                      "KeyCode" : "CP-231522",
+                      "OperationCode" : "SigntoolSign",
+                      "Parameters" : {
+                          "OpusName" : "Microsoft",
+                          "OpusInfo" : "http://www.microsoft.com",
+                          "FileDigest" : "/fd \"SHA256\"",
+                          "PageHash" : "/NPH",
+                          "TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
+                      },
+                      "ToolName" : "sign",
+                      "ToolVersion" : "1.0"
+                  },
+                  {
+                      "KeyCode" : "CP-231522",
+                      "OperationCode" : "SigntoolVerify",
+                      "Parameters" : {},
+                      "ToolName" : "sign",
+                      "ToolVersion" : "1.0"
+                  }
+              ]
+        SessionTimeout: '60'
+        MaxConcurrency: '50'
+        MaxRetryAttempts: '5'
+    - task: EsrpCodeSigning@1
+      displayName: Third Party Code Sign Windows
+      inputs:
+        ConnectedServiceName: 'AppInspector_CodeSign'
+        FolderPath: '$(Build.BinariesDirectory)/win/ApplicationInspector_win_$(ReleaseVersion)'
+        Pattern: 'CommandLine.dll, DiscUtils.*.dll, DotLiquid.dll, gfs.YamlDotNet.YamlPath.dll, git2-e632535.dll, Glob.dll, ICSharpCode.*.dll, JsonCons.*.dll, KellermanSoftware.Compare-NET-Objects.dll, LibGit2Sharp.dll, lzo.net.dll, Newtonsoft.Json.dll, NLog.dll, Serilog.dll, Serilog.*.dll, SharpCompress.dll, ShellProgressBar.dll, YamlDotNet.dll'
+        signConfigType: 'inlineSignParams'
+        inlineOperation: |
+          [
+                  {
+                      "KeyCode" : "CP-231522",
+                      "OperationCode" : "SigntoolSign",
+                      "Parameters" : {
+                          "OpusName" : "Microsoft",
+                          "OpusInfo" : "http://www.microsoft.com",
+                          "FileDigest" : "/fd \"SHA256\"",
+                          "PageHash" : "/NPH",
+                          "TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
+                      },
+                      "ToolName" : "sign",
+                      "ToolVersion" : "1.0"
+                  },
+                  {
+                      "KeyCode" : "CP-231522",
+                      "OperationCode" : "SigntoolVerify",
+                      "Parameters" : {},
+                      "ToolName" : "sign",
+                      "ToolVersion" : "1.0"
+                  }
+              ]
+        SessionTimeout: '60'
+        MaxConcurrency: '50'
+        MaxRetryAttempts: '5'
+    - task: EsrpCodeSigning@1
+      displayName: Third Party Code Sign .NET Core App
+      inputs:
+        ConnectedServiceName: 'AppInspector_CodeSign'
+        FolderPath: '$(Build.BinariesDirectory)/netcoreapp/ApplicationInspector_netcoreapp_$(ReleaseVersion)'
+        Pattern: 'CommandLine.dll, DiscUtils.*.dll, DotLiquid.dll, gfs.YamlDotNet.YamlPath.dll, git2-e632535.dll, Glob.dll, ICSharpCode.*.dll, JsonCons.*.dll, KellermanSoftware.Compare-NET-Objects.dll, LibGit2Sharp.dll, lzo.net.dll, Newtonsoft.Json.dll, NLog.dll, Serilog.dll, Serilog.*.dll, SharpCompress.dll, ShellProgressBar.dll, YamlDotNet.dll'
+        signConfigType: 'inlineSignParams'
+        inlineOperation: |
+          [
+                  {
+                      "KeyCode" : "CP-231522",
+                      "OperationCode" : "SigntoolSign",
+                      "Parameters" : {
+                          "OpusName" : "Microsoft",
+                          "OpusInfo" : "http://www.microsoft.com",
+                          "FileDigest" : "/fd \"SHA256\"",
+                          "PageHash" : "/NPH",
+                          "TimeStamp" : "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
+                      },
+                      "ToolName" : "sign",
+                      "ToolVersion" : "1.0"
+                  },
+                  {
+                      "KeyCode" : "CP-231522",
+                      "OperationCode" : "SigntoolVerify",
+                      "Parameters" : {},
+                      "ToolName" : "sign",
+                      "ToolVersion" : "1.0"
+                  }
+              ]
+        SessionTimeout: '60'
+        MaxConcurrency: '50'
+        MaxRetryAttempts: '5'      
+    # Nuget package code signing
    - task: EsrpCodeSigning@1
      displayName: Code Sign Nuget Packages
      inputs:
@ -398,3 +528,50 @@ stages:
        nuGetFeedType: 'external'
        publishFeedCredentials: 'CST-E Nuget CI'
        verbosityPush: 'Normal'
+    - task: PowerShell@2
+      displayName: Mkdir for Manifests
+      inputs:
+        targetType: 'inline'
+        script: mkdir sbom/win/ ; mkdir sbom/netcoreapp/ ; mkdir sbom/linux ; mkdir sbom/macos
+        workingDirectory: '$(Build.StagingDirectory)'
+    - task: ManifestGeneratorTask@0
+      displayName: Generate Windows Manifest
+      inputs:
+        BuildDropPath: '$(Build.BinariesDirectory)/win/'
+        ManifestDirPath: '$(Build.StagingDirectory)/sbom/win/'
+        PackageName: 'ASA'
+        PackageVersion: '$(ReleaseVersion)'
+    - task: ManifestGeneratorTask@0
+      displayName: Generate NetCoreApp Manifest
+      inputs:
+        BuildDropPath: '$(Build.BinariesDirectory)/netcoreapp/'
+        ManifestDirPath: '$(Build.StagingDirectory)/sbom/netcoreapp/'
+        PackageName: 'ASA'
+        PackageVersion: '$(ReleaseVersion)'
+    - task: ManifestGeneratorTask@0
+      displayName: Generate Linux Manifest
+      inputs:
+        BuildDropPath: '$(Build.BinariesDirectory)/linux/'
+        ManifestDirPath: '$(Build.StagingDirectory)/sbom/linux/'
+        PackageName: 'ASA'
+        PackageVersion: '$(ReleaseVersion)'
+    - task: ManifestGeneratorTask@0
+      displayName: Generate MacOS Manifest
+      inputs:
+        BuildDropPath: '$(Build.BinariesDirectory)/macos/'
+        ManifestDirPath: '$(Build.StagingDirectory)/sbom/macos/'
+        PackageName: 'ASA'
+        PackageVersion: '$(ReleaseVersion)'
+    - task: ArchiveFiles@2
+      displayName: Archive Manifests
+      inputs:
+        rootFolderOrFile: '$(Build.StagingDirectory)/sbom/'
+        includeRootFolder: false
+        archiveType: 'zip'
+        archiveFile: '$(Build.StagingDirectory)/Manifests/ApplicationInspector_Release_Manifests_$(ReleaseVersion).zip'
+        replaceExistingArchive: true
+    - task: PublishBuildArtifacts@1
+      displayName: Pipeline Publish Manifest Archive
+      inputs:
+        PathtoPublish: '$(Build.StagingDirectory)/Manifests'
+        ArtifactName: 'Release Manifests'
--- a/Pipelines/templates/dotnet-publish-linux-mac-job.yml
+++ b/Pipelines/templates/dotnet-publish-linux-mac-job.yml
@ -1,100 +0,0 @@
-parameters:
-# Job Name
- name: jobName
-  type: string
-  default: 'publish_linux_mac'
-# Optional Pre-Build Steps
- name: 'preBuild'
-  type: stepList
-  default: []
-# Version of Dotnet SDK to use
- name: dotnetVersion
-  type: string
-  default: '6.0.x'
-# Version of Dotnet SDK to use
- name: publishFrameworkVersion
-  type: string
-  default: 'net6.0'
-# Version of NuGet Tool to use
- name: nugetVersion
-  type: string
-  default: '5.x'
-# Path to .csproj or .sln
- name: projectPath
-  type: string
-  default: ''
-# Build Configuration
- name: buildConfiguration
-  type: string
-  default: 'Release'
-# Project Name
- name: projectName
-  type: string
-  default: ''
-# Release Version
- name: releaseVersion
-  type: string
-  default: ''
-# Pipeline Artifact Name
- name: artifactName
-  type: string
-  default: 'Unsigned_Binaries'
-
-jobs:
- job: ${{ parameters.jobName }}
-  displayName: Dotnet Publish Linux/Mac
-  pool:
-    vmImage: 'ubuntu-latest'
-  steps:
-  - task: UseDotNet@2
-    displayName: Install Dotnet SDK
-    inputs:
-      packageType: 'sdk'
-      version: ${{ parameters.dotnetVersion }}
-  - task: NuGetToolInstaller@1
-    displayName: Install Nuget Tool
-    inputs:
-      versionSpec: ${{ parameters.nugetVersion }}
-  - ${{ parameters.preBuild }}
-  - task: DotNetCoreCLI@2
-    displayName: Restore
-    inputs:
-      command: 'restore'
-      projects: ${{ parameters.projectPath }}
-      verbosityRestore: 'Normal'
-  - task: DotNetCoreCLI@2
-    displayName: Publish Linux x64
-    inputs:
-      command: 'publish'
-      arguments: '${{ parameters.projectPath }}  -f ${{ parameters.publishFrameworkVersion}} -c ${{ parameters.buildConfiguration }} -o bin/linux/${{ parameters.projectName }}_linux_$(ReleaseVersion) -r linux-x64'
-      publishWebProjects: false
-      zipAfterPublish: false
-  - task: DotNetCoreCLI@2
-    displayName: Publish MacOS x64
-    inputs:
-      command: 'publish'
-      arguments: '${{ parameters.projectPath }}  -f ${{ parameters.publishFrameworkVersion}} -c ${{ parameters.buildConfiguration }} -o bin/macos/${{ parameters.projectName }}_macos_$(ReleaseVersion) -r osx-x64'
-      publishWebProjects: false
-      zipAfterPublish: false
-  - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-    displayName: 'Generation Task'
-    inputs:
-        BuildDropPath: 'bin/linux'
-  - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-    displayName: 'Generation Task'
-    inputs:
-        BuildDropPath: 'bin/macos'
-  - task: ArchiveFiles@2
-    displayName: Archive Builds
-    inputs:
-      rootFolderOrFile: 'bin'
-      includeRootFolder: false
-      archiveType: 'zip'
-      archiveFile: 'Archives/${{ parameters.projectName }}_Nix.zip'
-      replaceExistingArchive: true
-  - task: PublishBuildArtifacts@1
-    displayName: Pipeline Publish Archive
-    inputs:
-      PathtoPublish: 'Archives'
-      ArtifactName: '${{ parameters.artifactName }}'
-      publishLocation: 'Container'
--- a/Pipelines/templates/dotnet-publish-win-netcore-job.yml
+++ b/Pipelines/templates/dotnet-publish-win-netcore-job.yml
@ -1,111 +0,0 @@
-parameters:
-# Job Name
- name: jobName
-  type: string
-  default: 'publish_win'
-# Optional Pre-Build Steps
- name: 'preBuild'
-  type: stepList
-  default: []
-# Version of Dotnet SDK to use
- name: dotnetVersion
-  type: string
-  default: '6.0.x'
-# Version of Dotnet SDK to use
- name: publishFrameworkVersion
-  type: string
-  default: 'net6.0'
-# Version of NuGet Tool to use
- name: nugetVersion
-  type: string
-  default: '5.x'
-# Path to .csproj or .sln
- name: projectPath
-  type: string
-  default: ''
-# Build Configuration
- name: buildConfiguration
-  type: string
-  default: 'Release'
-# Project Name
- name: projectName
-  type: string
-  default: ''
-# Release Version
- name: releaseVersion
-  type: string
-  default: ''
-# Pipeline Artifact Name
- name: artifactName
-  type: string
-  default: 'Unsigned_Binaries'
-
-jobs:
- job: ${{ parameters.jobName }}
-  displayName: Dotnet Publish Win/NetCoreApp
-  pool:
-    vmImage: 'windows-latest'
-  steps:
-  - task: UseDotNet@2
-    displayName: Install Dotnet SDK
-    inputs:
-      packageType: 'sdk'
-      version: ${{ parameters.dotnetVersion }}
-  - task: NuGetToolInstaller@1
-    displayName: Install Nuget Tool
-    inputs:
-      versionSpec: ${{ parameters.nugetVersion }}
-  - ${{ parameters.preBuild }}
-  - task: DotNetCoreCLI@2
-    displayName: Restore
-    inputs:
-      command: 'restore'
-      projects: ${{ parameters.projectPath }}
-      verbosityRestore: 'Normal'
-  - task: DotNetCoreCLI@2
-    displayName: Publish Win x64
-    inputs:
-      command: 'publish'
-      arguments: '${{ parameters.projectPath }}  -f ${{ parameters.publishFrameworkVersion}} -c ${{ parameters.buildConfiguration }} -o bin/win/${{ parameters.projectName }}_win_$(ReleaseVersion) -r win-x64'
-      publishWebProjects: false
-      zipAfterPublish: false
-  - task: DotNetCoreCLI@2
-    displayName: Build .NET Core App
-    inputs:
-      command: 'build'
-      arguments: '${{ parameters.projectPath }}  -f ${{ parameters.publishFrameworkVersion}} -c ${{ parameters.buildConfiguration }} -o bin/netcoreapp/${{ parameters.projectName }}_netcoreapp_$(ReleaseVersion)'
-      publishWebProjects: false
-      zipAfterPublish: false
-  - task: AntiMalware@4
-    displayName: Anti-Malware Scan
-    inputs:
-      InputType: 'Basic'
-      ScanType: 'CustomScan'
-      FileDirPath: 'bin'
-      EnableServices: true
-      SupportLogOnError: true
-      TreatSignatureUpdateFailureAs: 'Warning'
-      SignatureFreshness: 'UpToDate'
-      TreatStaleSignatureAs: 'Warning'
-  - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-    displayName: 'Generation Task'
-    inputs:
-        BuildDropPath: 'bin/netcoreapp'
-  - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-    displayName: 'Generation Task'
-    inputs:
-        BuildDropPath: 'bin/win'
-  - task: ArchiveFiles@2
-    displayName: Archive Builds
-    inputs:
-      rootFolderOrFile: 'bin'
-      includeRootFolder: false
-      archiveType: 'zip'
-      archiveFile: 'Archives\${{ parameters.projectName }}_Win_NetCoreApp.zip'
-      replaceExistingArchive: true
-  - task: PublishBuildArtifacts@1
-    displayName: Pipeline Publish Archive
-    inputs:
-      PathtoPublish: 'Archives'
-      ArtifactName: '${{ parameters.artifactName }}'
-      publishLocation: 'Container'
--- a/Pipelines/templates/dotnet-test-job.yml
+++ b/Pipelines/templates/dotnet-test-job.yml
@ -1,41 +0,0 @@
-parameters:
-# Job Name
- name: jobName
-  type: string
-  default: 'dotnet_test'
-# Version of Dotnet SDK to use
- name: dotnetVersion
-  type: string
-  default: '7.0.x'
-# Version of Dotnet SDK to use
- name: dotnetVersionLTS
-  type: string
-  default: '6.0.x'
-# List of paths to .csproj
- name: projectPath
-  type: string
-  default: ''
-
-jobs:
- job: ${{ parameters.jobName }}
-  displayName: Dotnet Test
-  pool:
-    vmImage: 'windows-latest'
-  steps:
-  - task: UseDotNet@2
-    displayName: Install Dotnet SDK
-    inputs:
-      packageType: 'sdk'
-      version: ${{ parameters.dotnetVersionLTS }}
-  - task: UseDotNet@2
-    displayName: Install Dotnet SDK
-    inputs:
-      packageType: 'sdk'
-      version: ${{ parameters.dotnetVersion }}
-  - task: DotNetCoreCLI@2
-    displayName: Dotnet Test
-    inputs:
-      command: 'test'
-      projects: ${{ parameters.projectPath }}
-      arguments: '--collect "Code coverage"'
-      publishTestResults: true
--- a/Pipelines/templates/nbgv-set-version-steps.yml
+++ b/Pipelines/templates/nbgv-set-version-steps.yml
@ -1,10 +0,0 @@
-steps:
- script: 'dotnet tool update -g nbgv'
-  displayName: 'Install GitVersioning'
- task: PowerShell@2
-  displayName: Set Release Version
-  inputs:
-    targetType: 'inline'
-    script: |
-      $version = (nbgv get-version -v AssemblyInformationalVersion).split('+')[0]
-      Write-Host "##vso[task.setvariable variable=releaseVersion;]$version"
--- a/Pipelines/templates/nuget-build-job.yml
+++ b/Pipelines/templates/nuget-build-job.yml
@ -1,86 +0,0 @@
-parameters:
-# Job Name
- name: jobName
-  type: string
-  default: 'nuget_pack'
-# Version of Dotnet SDK to use
- name: dotnetVersion
-  type: string
-  default: '7.0.x'
-# Version of NuGet Tool to use
- name: nugetVersion
-  type: string
-  default: '5.x'
-# Path to .csproj or .sln
- name: projectPath
-  type: string
-  default: ''
-# Build Configuration
- name: buildConfiguration
-  type: string
-  default: 'Release'
-# Project Name
- name: projectName
-  type: string
-  default: ''
-# Pipeline Artifact Name
- name: artifactName
-  type: string
-  default: 'Unsigned_Binaries'
-
-jobs:
- job: ${{ parameters.jobName }}
-  displayName: NuGet Package ${{ parameters.projectPath }}
-  pool:
-    vmImage: 'windows-latest'
-  steps:
-  - task: UseDotNet@2
-    displayName: Install Dotnet SDK
-    inputs:
-      packageType: 'sdk'
-      version: ${{ parameters.dotnetVersion }}
-  - task: NuGetToolInstaller@1
-    displayName: Install Nuget Tool
-    inputs:
-      versionSpec: ${{ parameters.nugetVersion }}
-  - task: DotNetCoreCLI@2
-    displayName: Dotnet Restore
-    inputs:
-      command: 'restore'
-      projects: ${{ parameters.projectPath }}
-      verbosityRestore: 'Normal'
-  - task: DotNetCoreCLI@2
-    displayName: Pack Nupkg
-    inputs:
-      command: 'custom'
-      custom: 'pack'
-      arguments: '${{ parameters.projectPath }} -c ${{ parameters.buildConfiguration }} -o Packages'
-  - task: AntiMalware@4
-    displayName: Anti-Malware Scan
-    inputs:
-      InputType: 'Basic'
-      ScanType: 'CustomScan'
-      FileDirPath: 'Packages'
-      EnableServices: true
-      SupportLogOnError: true
-      TreatSignatureUpdateFailureAs: 'Warning'
-      SignatureFreshness: 'UpToDate'
-      TreatStaleSignatureAs: 'Warning'
-  - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-    displayName: 'Generation Task'
-    inputs:
-        BuildDropPath: 'Packages'
-  - task: ArchiveFiles@2
-    displayName: Archive Packages
-    inputs:
-      rootFolderOrFile: 'Packages'
-      includeRootFolder: false
-      archiveType: 'zip'
-      archiveFile: 'Archives\${{ parameters.projectName }}_NuGet.zip'
-      replaceExistingArchive: true
-  - task: PublishBuildArtifacts@1
-    displayName: Pipeline Publish Archive
-    inputs:
-      PathtoPublish: 'Archives'
-      ArtifactName: '${{ parameters.artifactName }}'
-      publishLocation: 'Container'
--- a/Pipelines/templates/sdl-job.yml
+++ b/Pipelines/templates/sdl-job.yml
@ -1,39 +0,0 @@
-parameters:
-# Service Tree ID of application
- name: serviceTreeID
-  type: string
-  default: ''
-
-jobs:
- job: sdl_tools
-  displayName: SDL Tools
-  pool:
-    vmImage: 'windows-latest'
-  steps:
-  - task: CodeInspector@2
-    continueOnError: true
-    inputs:
-      ProductId: ${{ parameters.serviceTreeID }}
-  - task: CredScan@3
-    inputs:
-      verboseOutput: true
-  - task: PoliCheck@1
-    inputs:
-      inputType: 'Basic'
-      targetType: 'F'
-      targetArgument: '$(Build.SourcesDirectory)'
-      result: 'PoliCheck.xml'
-  - task: notice@0
-    enabled: false
-    continueOnError: true
-    inputs:
-      outputformat: 'text'
-  - task: SdtReport@2
-    inputs:
-      GdnExportAllTools: true
-  - task: PublishSecurityAnalysisLogs@2
-    inputs:
-        ArtifactName: 'CodeAnalysisLogs'
-        ArtifactType: 'Container'
-        AllTools: true
-        ToolLogsNotFoundAction: 'Standard'