From 30da0f2cbddc5515d9bbddb71839a76927352117 Mon Sep 17 00:00:00 2001
From: Qi Wang <qwa@microsoft.com>
Date: Thu, 4 Aug 2022 22:40:45 +0000
Subject: [PATCH] Merged PR 671684: Add roslynanalyzers recommend and required
 ruleset

Add ruleset
Add Copy To Directory for Roslynanalyzers
Add suppression files
Disable CA5350 CA5351 CA2301 warning in some files, this is moved to another PR https://dev.azure.com/mseng/Domino/_git/BuildXL.Internal/pullrequest/671797

Related work items: #1941023
---
 .../buildxl/compliance/buildxl.gdnsuppress    | 144 +++++++
 .gdn/README.md                                |   1 +
 .../Tool.Guardian.RoslynAnalyzers.dsc         |  55 ++-
 .../Tool.Guardian.ComplianceBuild.dsc         |   2 +-
 .../Public/Tools/Guardian/Tool.Guardian.dsc   |   1 +
 .../BuildXL.Recommend.Required.Error.ruleset  | 405 ++++++++++++++++++
 Public/Sdk/SelfHost/BuildXL/BuildXLSdk.dsc    |  25 +-
 7 files changed, 603 insertions(+), 30 deletions(-)
 create mode 100644 .gdn/README.md
 create mode 100644 Public/Sdk/SelfHost/BuildXL/BuildXL.Recommend.Required.Error.ruleset

diff --git a/.config/buildxl/compliance/buildxl.gdnsuppress b/.config/buildxl/compliance/buildxl.gdnsuppress
index f75cedea2..deb4f7bcc 100644
--- a/.config/buildxl/compliance/buildxl.gdnsuppress
+++ b/.config/buildxl/compliance/buildxl.gdnsuppress
@@ -399,6 +399,150 @@
       "createdDate": "2022-05-12 20:19:18Z",
       "expirationDate": null,
       "type": null
+    },
+    "4ea9bfe9e5da299112880357be33900959617c18232f6f58995592380b20af37": {
+      "signature": "4ea9bfe9e5da299112880357be33900959617c18232f6f58995592380b20af37",
+      "alternativeSignatures": [
+        "25dd38c1ca5e0acd97440cb6eb388d4c804c62be2daea6a7dbf9c391c93eb70e"
+      ],
+      "target": "Public/Src/Cache/MemoizationStore/VstsApp/Application.cs",
+      "memberOf": [
+        "default"
+      ],
+      "tool": "roslynanalyzers",
+      "ruleId": "RA004",
+      "justification": null,
+      "createdDate": "2022-07-23 17:31:56Z",
+      "expirationDate": null,
+      "type": null
+    },
+    "2b691fc8d76f8aba6ad447a48eb10e76868176535911a2c27712bd487455fdef": {
+      "signature": "2b691fc8d76f8aba6ad447a48eb10e76868176535911a2c27712bd487455fdef",
+      "alternativeSignatures": [
+        "225c4fda9e70dad045c11c9b114652e09998497b421c7fb3ee76fc1466257fea"
+      ],
+      "target": "Public/Src/Cache/MemoizationStore/VstsApp/Application.cs",
+      "memberOf": [
+        "default"
+      ],
+      "tool": "roslynanalyzers",
+      "ruleId": "RA006",
+      "justification": null,
+      "createdDate": "2022-07-23 17:31:56Z",
+      "expirationDate": null,
+      "type": null
+    },
+    "cad030ee53af08b694a9bf4f989a79bfe8b1310178fb478735ea0e1e69fff14f": {
+      "signature": "cad030ee53af08b694a9bf4f989a79bfe8b1310178fb478735ea0e1e69fff14f",
+      "alternativeSignatures": [
+        "cff36e110e0a70c700f5856578957d332b0147cb65dfce1c1d22e3dd8c1505f0"
+      ],
+      "target": "Public/Src/Cache/MemoizationStore/VstsApp/Application.cs",
+      "memberOf": [
+        "default"
+      ],
+      "tool": "roslynanalyzers",
+      "ruleId": "RA004",
+      "justification": null,
+      "createdDate": "2022-07-23 17:31:56Z",
+      "expirationDate": null,
+      "type": null
+    },
+    "3d73e68cd176ab27ab1b4120f71939ad6c10d5f708b0b4f478a6f46690a8402e": {
+      "signature": "3d73e68cd176ab27ab1b4120f71939ad6c10d5f708b0b4f478a6f46690a8402e",
+      "alternativeSignatures": [
+        "1a42a451eeffcbccc95439ceb768a6ea24429da45bcba8f039f4832a2675dd00"
+      ],
+      "target": "Public/Src/Cache/MemoizationStore/VstsApp/Application.cs",
+      "memberOf": [
+        "default"
+      ],
+      "tool": "roslynanalyzers",
+      "ruleId": "RA006",
+      "justification": null,
+      "createdDate": "2022-07-23 17:31:56Z",
+      "expirationDate": null,
+      "type": null
+    },
+    "680fe1e5ef990106e78fae0232bff03b7fae096179919e208810e899ef4357b9": {
+      "signature": "680fe1e5ef990106e78fae0232bff03b7fae096179919e208810e899ef4357b9",
+      "alternativeSignatures": [
+        "7cc7065d83e4dfa28c3b4976c837b7f72e5fe1d5641421f99b4d6c537001269b"
+      ],
+      "target": "Public/Src/Cache/MemoizationStore/VstsApp/Application.cs",
+      "memberOf": [
+        "default"
+      ],
+      "tool": "roslynanalyzers",
+      "ruleId": "CA1822",
+      "justification": null,
+      "createdDate": "2022-07-23 17:31:56Z",
+      "expirationDate": null,
+      "type": null
+    },
+    "0179541aae15474f41e7e747ad56255c8c1904a8dab8492cbb6d7bfbb47a964f": {
+      "signature": "0179541aae15474f41e7e747ad56255c8c1904a8dab8492cbb6d7bfbb47a964f",
+      "alternativeSignatures": [
+        "1c395131d32ad61eedb6d27c77f322ba379ca88c4eb78663d5fd2d8ba4400d18"
+      ],
+      "target": "Public/Src/Cache/MemoizationStore/VstsApp/ScrapeFingerprints.cs",
+      "memberOf": [
+        "default"
+      ],
+      "tool": "roslynanalyzers",
+      "ruleId": "CA1822",
+      "justification": null,
+      "createdDate": "2022-07-23 17:31:56Z",
+      "expirationDate": null,
+      "type": null
+    },
+    "5b2440596e68cf2840520b72f9aaaa9eaf603854e02b7b4222f9e5fc3ae96088": {
+      "signature": "5b2440596e68cf2840520b72f9aaaa9eaf603854e02b7b4222f9e5fc3ae96088",
+      "alternativeSignatures": [
+        "af03388d6916cb51a65726dd2eeb88da177226008d690893ceb9c2a4e143073b"
+      ],
+      "target": "Public/Src/App/Bxl/Program.cs",
+      "memberOf": [
+        "default"
+      ],
+      "tool": "roslynanalyzers",
+      "ruleId": "CA5386",
+      "justification": null,
+      "createdDate": "2022-07-23 17:43:50Z",
+      "expirationDate": null,
+      "type": null
+    },
+    "e1157671337aa870eb78013fcd438e19b7c287120974f603554551be7593222f": {
+      "signature": "e1157671337aa870eb78013fcd438e19b7c287120974f603554551be7593222f",
+      "alternativeSignatures": [
+        "dd5f9ac9ac571f107671cfe66319fead57857b9aa4fe5cbf58cba1da0eb89157"
+      ],
+      "target": "Public/Src/Tools/SymbolDaemon/Program.cs",
+      "memberOf": [
+        "default"
+      ],
+      "tool": "roslynanalyzers",
+      "ruleId": "CA5386",
+      "justification": null,
+      "createdDate": "2022-07-23 17:29:46Z",
+      "expirationDate": null,
+      "type": null
+    },
+    "4b8d75fe3345a8ff6619ba5695319afcec1bab1937b2f6cda65813a2d5473a99": {
+      "signature": "4b8d75fe3345a8ff6619ba5695319afcec1bab1937b2f6cda65813a2d5473a99",
+      "alternativeSignatures": [
+        "b998f1b73a08d14c0f01b26c1c2210b16bc03c0ddef2efe8b07ee02386388f6e"
+      ],
+      "target": "Public/Src/Tools/DropDaemon/Program.cs",
+      "memberOf": [
+        "default"
+      ],
+      "tool": "roslynanalyzers",
+      "ruleId": "CA5386",
+      "justification": null,
+      "createdDate": "2022-07-23 17:39:13Z",
+      "expirationDate": null,
+      "type": null
     }
   }
 }
\ No newline at end of file
diff --git a/.gdn/README.md b/.gdn/README.md
new file mode 100644
index 000000000..62fc294e1
--- /dev/null
+++ b/.gdn/README.md
@@ -0,0 +1 @@
+This empty directory is required for Roslynanalyzers to run on a repo that does not have Guardian initialized.
\ No newline at end of file
diff --git a/Public/Sdk/Public/Managed/Tools/RoslynAnalyzers/Tool.Guardian.RoslynAnalyzers.dsc b/Public/Sdk/Public/Managed/Tools/RoslynAnalyzers/Tool.Guardian.RoslynAnalyzers.dsc
index 3297bf141..70acf2027 100644
--- a/Public/Sdk/Public/Managed/Tools/RoslynAnalyzers/Tool.Guardian.RoslynAnalyzers.dsc
+++ b/Public/Sdk/Public/Managed/Tools/RoslynAnalyzers/Tool.Guardian.RoslynAnalyzers.dsc
@@ -6,6 +6,10 @@ import * as Guardian from "Sdk.Guardian";
 
 const guardianRoslynAnalyzersConfigFile = Guardian.createConfigurationFile(roslynAnalyzersConfiguration(), p`${Guardian.guardianConfigFileDirectory.path}/roslynAnalyzersConfiguration.gdnconfig`);
 
+const complianceBaselineSuppressionLocation = d`${Context.getMount("SourceRoot").path}/.config/buildxl/compliance`;
+const baselines = glob(complianceBaselineSuppressionLocation, "*.gdnbaselines");
+const suppressions = glob(complianceBaselineSuppressionLocation, "*.gdnsuppress");
+
 /**
  * Create RoslynAnalyzers Guardian calls with copylogs=true
  * With RoslynAnalyzers enabled, roslynanalyzers run with Csc.exe and produce outputfiles
@@ -34,28 +38,34 @@ export function createRoslynCalls(logRootDirectory: Directory, files: File[], un
 
 function addRoslynAnalyzersCalls(guardianToolRoot : StaticDirectory, packageDirectory : StaticDirectory, guardianDrop : Directory, files : File[], logRootDirectory: Directory, uniquePath: RelativePath) : Transformer.ExecuteResult { 
     const roslynAnalyzersWorkDir =  Context.getNewOutputDirectory("roslynAnalyzers");
-    const environmentVariables : Transformer.EnvironmentVariable[] = [
-        {name: "RoslynAnalyzers.LogRootDirectory", value: logRootDirectory}
-    ];
+    const roslynAnalyzersCopyLogDirectory =  Context.getNewOutputDirectory("CopyTo");
 
-    return Guardian.createGuardianCall(
-        guardianToolRoot,
-        packageDirectory,
-        guardianDrop,
-        files,
-        `roslynanalyzer`,
-        roslynAnalyzersWorkDir,
-        r`${uniquePath}/roslynanalyzer.sarif`,
-        [guardianRoslynAnalyzersConfigFile],
-        environmentVariables,
-        /*retryExitCodes*/undefined,
-        /*processRetries*/undefined,
-        /*pathDirectories*/undefined,
-        /*additionalOutputs*/undefined,
-        /*untrackedPaths*/[d`${guardianToolRoot.path}/.gdn`],
-        /*untrackedScopes*/undefined,
-        /*allowUndeclaredSourceReads*/false,
-        /*passThroughEnvironmentVariables*/undefined);
+    const environmentVariables : Transformer.EnvironmentVariable[] = [
+        {name: "RoslynAnalyzers.LogRootDirectory", value: logRootDirectory},
+        {name: "RoslynAnalyzers.OutputDirectory", value: roslynAnalyzersCopyLogDirectory}
+    ];
+    
+    const guardianArgs : Guardian.GuardianArguments = {
+        guardianCommand: "Run",
+        guardianToolRootDirectory: guardianToolRoot,
+        guardianConfigFiles: [guardianRoslynAnalyzersConfigFile],
+        guardianResultFile: f`${Context.getMount("LogsDirectory").path}/Guardian/${uniquePath}/roslynanalyzer.sarif`,
+        guardianPackageDirectory: packageDirectory,
+        guardianToolWorkingDirectory: roslynAnalyzersWorkDir, // Set this to pick up the newly generated tsv file automatically
+        dependencies: files,
+        logLevel: "Warning", // Display only warnings and errors only to simplify debugging and reduce log file size
+        baselineFiles: baselines.length > 0 ? baselines : undefined,
+        suppressionFiles: suppressions.length > 0 ? suppressions : undefined,
+        autoGeneratedBaselineSuppressionLocation: d`${Context.getMount("LogsDirectory").path}/Guardian/${uniquePath}`,
+        suppressionFileName: a`roslynanalyzers.gdnsuppressions`,
+        environmentVariables: environmentVariables,
+        untrackedPaths: [d`${Context.getMount("SourceRoot").path}/.gdn`],
+        policy: "microsoft",
+        severity: "Warning",
+        additionalOutputs: [{directory: roslynAnalyzersCopyLogDirectory, kind: "shared"}]
+    };
+
+    return Guardian.runGuardian(guardianArgs);
 }
 
 function roslynAnalyzersConfiguration() : Object {
@@ -74,7 +84,8 @@ function roslynAnalyzersConfiguration() : Object {
                     "CSharpCodeStyleAnalyzersRootDirectory": "",
                     "ForceSuccess": false,
                     "TreatWarningsAsErrors": false,
-                    "LogRootDirectory": "$(RoslynAnalyzers.LogRootDirectory)"
+                    "LogRootDirectory": "$(RoslynAnalyzers.LogRootDirectory)",
+                    "OutputDirectory": "$(RoslynAnalyzers.OutputDirectory)"
                 },
                 "outputExtension": "sarif",
                 "successfulExitCodes": [
diff --git a/Public/Sdk/Public/Tools/Guardian/Tool.Guardian.ComplianceBuild.dsc b/Public/Sdk/Public/Tools/Guardian/Tool.Guardian.ComplianceBuild.dsc
index 365c7b082..9bc4b3c7d 100644
--- a/Public/Sdk/Public/Tools/Guardian/Tool.Guardian.ComplianceBuild.dsc
+++ b/Public/Sdk/Public/Tools/Guardian/Tool.Guardian.ComplianceBuild.dsc
@@ -193,7 +193,7 @@ export function createGuardianCall(
         untrackedPaths: untrackedPaths,
         untrackedScopes: untrackedScopes,
         allowUndeclaredSourceReads: allowUndeclaredSourceReads,
-        passThroughEnvironmentVariables
+        passThroughEnvironmentVariables: passThroughEnvironmentVariables
     };
 
     const guardianResult = runGuardian(guardianArgs);
diff --git a/Public/Sdk/Public/Tools/Guardian/Tool.Guardian.dsc b/Public/Sdk/Public/Tools/Guardian/Tool.Guardian.dsc
index e684319a5..0605163e7 100644
--- a/Public/Sdk/Public/Tools/Guardian/Tool.Guardian.dsc
+++ b/Public/Sdk/Public/Tools/Guardian/Tool.Guardian.dsc
@@ -378,6 +378,7 @@ function runGuardianInternal(args : GuardianArguments, guardianTool : Transforme
         Cmd.flag("no-policy", args.noPolicy),
         Cmd.option("--policy ", args.policy),
         Cmd.option("--logger-level ", args.logLevel !== undefined ? args.logLevel.toString() : undefined),
+        Cmd.option("--min-severity ", args.severity),
         ...getBaselineOrSuppressOptions(args),
     ];
 
diff --git a/Public/Sdk/SelfHost/BuildXL/BuildXL.Recommend.Required.Error.ruleset b/Public/Sdk/SelfHost/BuildXL/BuildXL.Recommend.Required.Error.ruleset
new file mode 100644
index 000000000..ffd2b0f05
--- /dev/null
+++ b/Public/Sdk/SelfHost/BuildXL/BuildXL.Recommend.Required.Error.ruleset
@@ -0,0 +1,405 @@
+<?xml version="1.0"?>
+<RuleSet Name="Microsoft SDL Roslyn Rules - Required and Recommended (Error) v9.4"
+         Description="This rule set contains all Microsoft SDL required and recommended rules for Microsoft.CodeAnalysis.NetAnalyzers v5.0.3 (and Microsoft.CodeAnalysis.FxCopAnalyzers) and Microsoft.Internal.Analyzers v2.9.3, configured to error rather than warn.  Generated 2022-07-12T18:02:55Z."
+         ToolsVersion="15.0">
+
+  <!--
+    This ruleset is intended to enable SDL rules.
+    This ruleset is NOT a reference of available, effective rules.
+    Not all rules mentioned necessarily exist in the latest analyzers.
+  -->
+
+  <!-- Include BuildXL.ruleset -->
+  <Include Path="BuildXL.ruleset" Action="Default" />
+
+  <Rules AnalyzerId="Internal.Analyzers" RuleNamespace="Internal.Analyzers">
+    <Rule Id="IA5350" Action="Error" />          <!-- Do Not Use Weak Cryptographic Algorithms -->
+    <Rule Id="IA5351" Action="Error" />          <!-- Do Not Use Broken Cryptographic Algorithms -->
+    <Rule Id="IA5352" Action="Error" />          <!-- Do Not Misuse Cryptographic APIs  -->
+    <Rule Id="IA6450" Action="Info" />           <!-- Custom web token handler was found -->
+    <Rule Id="IA6451" Action="Info" />           <!-- Implement required validations for app asserted actor token -->
+    <Rule Id="IA6452" Action="Info" />           <!-- Do not disable {0} -->
+    <Rule Id="IA6453" Action="Info" />           <!-- Do not disable {0} -->
+    <Rule Id="IA6454" Action="Info" />           <!-- Do not disable {0} -->
+    <Rule Id="IA6456" Action="Info" />           <!-- Do Not Use Insecure PowerShell LanguageModes -->
+    <Rule Id="IA6457" Action="Info" />           <!-- Review PowerShell Execution for PowerShell Injection -->
+    <Rule Id="IA2989" Action="None" />           <!-- Do not use banned insecure deserialization APIs -->
+    <Rule Id="IA2992" Action="None" />           <!-- Do Not Use Banned APIs For Insecure Deserializers -->
+    <Rule Id="IA2993" Action="None" />           <!-- Do Not Use Banned Constructors For Insecure Deserializers -->
+    <Rule Id="IA2994" Action="None" />           <!-- Do Not Use ResourceSet Without ResourceReader -->
+    <Rule Id="IA2995" Action="None" />           <!-- Do Not Use ResourceReader -->
+    <Rule Id="IA2996" Action="None" />           <!-- Do Not Use ResXResourceReader Without ITypeResolutionService -->
+    <Rule Id="IA2997" Action="None" />           <!-- Do Not Use TypeNameHandling Other Than None -->
+    <Rule Id="IA2998" Action="None" />           <!-- Do Not Deserialize With BinaryFormatter Without Binder -->
+    <Rule Id="IA2999" Action="None" />           <!-- Do Not Set BinaryFormatter.Binder to null -->
+    <Rule Id="IA3000" Action="None" />           <!-- Do Not Use Type.GetType with a Non-Constant String -->
+    <Rule Id="IA3001" Action="None" />           <!-- Do Not Use Type.GetType -->
+    <Rule Id="IA3002" Action="None" />           <!-- Do not return null from BindToType Method -->
+    <Rule Id="IA5359" Action="None" />           <!-- Use approved crypto libraries for the supported platform -->
+    <Rule Id="IA7001" Action="None" />           <!-- Remove Disallowed Unicode In Comment -->
+    <Rule Id="PR0001" Action="None" />           <!-- Using broadly scoped parameter in token caches is potentially dangerous -->
+    <Rule Id="PR0002" Action="None" />           <!-- Using flighting and kill switches together with other conditions could lead to uninteded changes when removing them -->
+    <Rule Id="PR0003" Action="None" />           <!-- Overly complex boolean conditions could lead to unintentional changes when they&apos;re modified later. -->
+    <Rule Id="PR0004" Action="None" />           <!-- Do Not Use Cache With Both User and Tenant Keys -->
+  </Rules>
+
+  <Rules AnalyzerId="Microsoft.CodeAnalysis.CSharp.NetAnalyzers" RuleNamespace="Microsoft.CodeAnalysis.CSharp.NetAnalyzers">
+    <Rule Id="CA3076" Action="Error" />          <!-- Insecure XSLT script processing. -->
+    <Rule Id="CA3077" Action="Error" />          <!-- Insecure Processing in API Design, XmlDocument and XmlTextReader -->
+    <Rule Id="CA2352" Action="Info" />           <!-- Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks -->
+    <Rule Id="CA2353" Action="Info" />           <!-- Unsafe DataSet or DataTable in serializable type -->
+    <Rule Id="CA2354" Action="Info" />           <!-- Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks -->
+    <Rule Id="CA2355" Action="Info" />           <!-- Unsafe DataSet or DataTable type found in deserializable object graph -->
+    <Rule Id="CA2356" Action="Info" />           <!-- Unsafe DataSet or DataTable type in web deserializable object graph -->
+    <Rule Id="CA2362" Action="Info" />           <!-- Unsafe DataSet or DataTable in auto-generated serializable type can be vulnerable to remote code execution attacks -->
+    <Rule Id="CA1001" Action="None" />           <!-- Types that own disposable fields should be disposable -->
+    <Rule Id="CA1019" Action="None" />           <!-- Define accessors for attribute arguments -->
+    <Rule Id="CA1032" Action="None" />           <!-- Implement standard exception constructors -->
+    <Rule Id="CA1065" Action="None" />           <!-- Do not raise exceptions in unexpected locations -->
+    <Rule Id="CA1200" Action="None" />           <!-- Avoid using cref tags with a prefix -->
+    <Rule Id="CA1309" Action="None" />           <!-- Use ordinal string comparison -->
+    <Rule Id="CA1507" Action="None" />           <!-- Use nameof to express symbol names -->
+    <Rule Id="CA1801" Action="None" />           <!-- Review unused parameters -->
+    <Rule Id="CA1805" Action="None" />           <!-- Do not initialize unnecessarily -->
+    <Rule Id="CA1812" Action="None" />           <!-- Avoid uninstantiated internal classes -->
+    <Rule Id="CA1824" Action="None" />           <!-- Mark assemblies with NeutralResourcesLanguageAttribute -->
+    <Rule Id="CA1825" Action="None" />           <!-- Avoid zero-length array allocations -->
+    <Rule Id="CA2014" Action="None" />           <!-- Do not use stackalloc in loops -->
+    <Rule Id="CA2016" Action="None" />           <!-- Forward the &apos;CancellationToken&apos; parameter to methods -->
+    <Rule Id="CA2234" Action="None" />           <!-- Pass system uri objects instead of strings -->
+  </Rules>
+
+  <Rules AnalyzerId="Microsoft.CodeAnalysis.NetAnalyzers" RuleNamespace="Microsoft.CodeAnalysis.NetAnalyzers">
+    <Rule Id="CA2153" Action="Error" />          <!-- Do Not Catch Corrupted State Exceptions -->
+    <Rule Id="CA2301" Action="Error" />          <!-- Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder -->
+    <Rule Id="CA2302" Action="Error" />          <!-- Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize -->
+    <Rule Id="CA2305" Action="Error" />          <!-- Do not use insecure deserializer LosFormatter -->
+    <Rule Id="CA2311" Action="Error" />          <!-- Do not deserialize without first setting NetDataContractSerializer.Binder -->
+    <Rule Id="CA2312" Action="Error" />          <!-- Ensure NetDataContractSerializer.Binder is set before deserializing -->
+    <Rule Id="CA2315" Action="Error" />          <!-- Do not use insecure deserializer ObjectStateFormatter -->
+    <Rule Id="CA2321" Action="Error" />          <!-- Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver -->
+    <Rule Id="CA2327" Action="Error" />          <!-- Do not use insecure JsonSerializerSettings -->
+    <Rule Id="CA2328" Action="Error" />          <!-- Ensure that JsonSerializerSettings are secure -->
+    <Rule Id="CA2329" Action="Error" />          <!-- Do not deserialize with JsonSerializer using an insecure configuration -->
+    <Rule Id="CA2330" Action="Error" />          <!-- Ensure that JsonSerializer has a secure configuration when deserializing -->
+    <Rule Id="CA3061" Action="Error" />          <!-- Do Not Add Schema By URL -->
+    <Rule Id="CA3075" Action="Error" />          <!-- Insecure DTD processing in XML -->
+    <Rule Id="CA3147" Action="Error" />          <!-- Mark Verb Handlers With Validate Antiforgery Token -->
+    <Rule Id="CA5350" Action="Error" />          <!-- Do Not Use Weak Cryptographic Algorithms -->
+    <Rule Id="CA5351" Action="Error" />          <!-- Do Not Use Broken Cryptographic Algorithms -->
+    <Rule Id="CA5358" Action="Error" />          <!-- Review cipher mode usage with cryptography experts -->
+    <Rule Id="CA5361" Action="Error" />          <!-- Do Not Disable SChannel Use of Strong Crypto -->
+    <Rule Id="CA5364" Action="Error" />          <!-- Do Not Use Deprecated Security Protocols -->
+    <Rule Id="CA5378" Action="Error" />          <!-- Do not disable ServicePointManagerSecurityProtocols -->
+    <Rule Id="CA5397" Action="Error" />          <!-- Do not use deprecated SslProtocols values -->
+    <Rule Id="CA2300" Action="Info" />           <!-- Do not use insecure deserializer BinaryFormatter -->
+    <Rule Id="CA2310" Action="Info" />           <!-- Do not use insecure deserializer NetDataContractSerializer -->
+    <Rule Id="CA2322" Action="Info" />           <!-- Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing -->
+    <Rule Id="CA2350" Action="Info" />           <!-- Do not use DataTable.ReadXml() with untrusted data -->
+    <Rule Id="CA2351" Action="Info" />           <!-- Do not use DataSet.ReadXml() with untrusted data -->
+    <Rule Id="CA2361" Action="Info" />           <!-- Ensure auto-generated class containing DataSet.ReadXml() is not used with untrusted data -->
+    <Rule Id="CA5359" Action="Info" />           <!-- Do Not Disable Certificate Validation -->
+    <Rule Id="CA5366" Action="Info" />           <!-- Use XmlReader for &apos;DataSet.ReadXml()&apos; -->
+    <Rule Id="CA5369" Action="Info" />           <!-- Use XmlReader for &apos;XmlSerializer.Deserialize()&apos; -->
+    <Rule Id="CA5370" Action="Info" />           <!-- Use XmlReader for XmlValidatingReader constructor -->
+    <Rule Id="CA5371" Action="Info" />           <!-- Use XmlReader for &apos;XmlSchema.Read()&apos; -->
+    <Rule Id="CA5372" Action="Info" />           <!-- Use XmlReader for XPathDocument constructor -->
+    <Rule Id="CA5374" Action="Info" />           <!-- Do Not Use XslTransform -->
+    <Rule Id="CA5380" Action="Info" />           <!-- Do Not Add Certificates To Root Store -->
+    <Rule Id="CA5381" Action="Info" />           <!-- Ensure Certificates Are Not Added To Root Store -->
+    <Rule Id="CA5386" Action="Info" />           <!-- Avoid hardcoding SecurityProtocolType value -->
+    <Rule Id="CA5391" Action="Info" />           <!-- Use antiforgery tokens in ASP.NET Core MVC controllers -->
+    <Rule Id="CA5395" Action="Info" />           <!-- Miss HttpVerb attribute for action methods -->
+    <Rule Id="CA5396" Action="Info" />           <!-- Set HttpOnly to true for HttpCookie -->
+    <Rule Id="CA5398" Action="Info" />           <!-- Avoid hardcoded SslProtocols values -->
+    <Rule Id="CA1000" Action="None" />           <!-- Do not declare static members on generic types -->
+    <Rule Id="CA1002" Action="None" />           <!-- Do not expose generic lists -->
+    <Rule Id="CA1003" Action="None" />           <!-- Use generic event handler instances -->
+    <Rule Id="CA1005" Action="None" />           <!-- Avoid excessive parameters on generic types -->
+    <Rule Id="CA1008" Action="None" />           <!-- Enums should have zero value -->
+    <Rule Id="CA1010" Action="None" />           <!-- Generic interface should also be implemented -->
+    <Rule Id="CA1012" Action="None" />           <!-- Abstract types should not have public constructors -->
+    <Rule Id="CA1014" Action="None" />           <!-- Mark assemblies with CLSCompliant -->
+    <Rule Id="CA1016" Action="None" />           <!-- Mark assemblies with assembly version -->
+    <Rule Id="CA1017" Action="None" />           <!-- Mark assemblies with ComVisible -->
+    <Rule Id="CA1018" Action="None" />           <!-- Mark attributes with AttributeUsageAttribute -->
+    <Rule Id="CA1021" Action="None" />           <!-- Avoid out parameters -->
+    <Rule Id="CA1024" Action="None" />           <!-- Use properties where appropriate -->
+    <Rule Id="CA1027" Action="None" />           <!-- Mark enums with FlagsAttribute -->
+    <Rule Id="CA1028" Action="None" />           <!-- Enum Storage should be Int32 -->
+    <Rule Id="CA1030" Action="None" />           <!-- Use events where appropriate -->
+    <Rule Id="CA1031" Action="None" />           <!-- Do not catch general exception types -->
+    <Rule Id="CA1033" Action="None" />           <!-- Interface methods should be callable by child types -->
+    <Rule Id="CA1034" Action="None" />           <!-- Nested types should not be visible -->
+    <Rule Id="CA1036" Action="None" />           <!-- Override methods on comparable types -->
+    <Rule Id="CA1040" Action="None" />           <!-- Avoid empty interfaces -->
+    <Rule Id="CA1041" Action="None" />           <!-- Provide ObsoleteAttribute message -->
+    <Rule Id="CA1043" Action="None" />           <!-- Use Integral Or String Argument For Indexers -->
+    <Rule Id="CA1044" Action="None" />           <!-- Properties should not be write only -->
+    <Rule Id="CA1045" Action="None" />           <!-- Do not pass types by reference -->
+    <Rule Id="CA1046" Action="None" />           <!-- Do not overload equality operator on reference types -->
+    <Rule Id="CA1047" Action="None" />           <!-- Do not declare protected member in sealed type -->
+    <Rule Id="CA1050" Action="None" />           <!-- Declare types in namespaces -->
+    <Rule Id="CA1051" Action="None" />           <!-- Do not declare visible instance fields -->
+    <Rule Id="CA1052" Action="None" />           <!-- Static holder types should be Static or NotInheritable -->
+    <Rule Id="CA1054" Action="None" />           <!-- URI-like parameters should not be strings -->
+    <Rule Id="CA1055" Action="None" />           <!-- URI-like return values should not be strings -->
+    <Rule Id="CA1056" Action="None" />           <!-- URI-like properties should not be strings -->
+    <Rule Id="CA1058" Action="None" />           <!-- Types should not extend certain base types -->
+    <Rule Id="CA1060" Action="None" />           <!-- Move pinvokes to native methods class -->
+    <Rule Id="CA1061" Action="None" />           <!-- Do not hide base class methods -->
+    <Rule Id="CA1062" Action="None" />           <!-- Validate arguments of public methods -->
+    <Rule Id="CA1063" Action="None" />           <!-- Implement IDisposable Correctly -->
+    <Rule Id="CA1064" Action="None" />           <!-- Exceptions should be public -->
+    <Rule Id="CA1066" Action="None" />           <!-- Implement IEquatable when overriding Object.Equals -->
+    <Rule Id="CA1067" Action="None" />           <!-- Override Object.Equals(object) when implementing IEquatable&lt;T&gt; -->
+    <Rule Id="CA1068" Action="None" />           <!-- CancellationToken parameters must come last -->
+    <Rule Id="CA1069" Action="None" />           <!-- Enums values should not be duplicated -->
+    <Rule Id="CA1070" Action="None" />           <!-- Do not declare event fields as virtual -->
+    <Rule Id="CA1303" Action="None" />           <!-- Do not pass literals as localized parameters -->
+    <Rule Id="CA1304" Action="None" />           <!-- Specify CultureInfo -->
+    <Rule Id="CA1305" Action="None" />           <!-- Specify IFormatProvider -->
+    <Rule Id="CA1307" Action="None" />           <!-- Specify StringComparison for clarity -->
+    <Rule Id="CA1308" Action="None" />           <!-- Normalize strings to uppercase -->
+    <Rule Id="CA1310" Action="None" />           <!-- Specify StringComparison for correctness -->
+    <Rule Id="CA1401" Action="None" />           <!-- P/Invokes should not be visible -->
+    <Rule Id="CA1416" Action="None" />           <!-- Validate platform compatibility -->
+    <Rule Id="CA1417" Action="None" />           <!-- Do not use &apos;OutAttribute&apos; on string parameters for P/Invokes -->
+    <Rule Id="CA1501" Action="None" />           <!-- Avoid excessive inheritance -->
+    <Rule Id="CA1502" Action="None" />           <!-- Avoid excessive complexity -->
+    <Rule Id="CA1505" Action="None" />           <!-- Avoid unmaintainable code -->
+    <Rule Id="CA1506" Action="None" />           <!-- Avoid excessive class coupling -->
+    <Rule Id="CA1508" Action="None" />           <!-- Avoid dead conditional code -->
+    <Rule Id="CA1509" Action="None" />           <!-- Invalid entry in code metrics rule specification file -->
+    <Rule Id="CA1700" Action="None" />           <!-- Do not name enum values &apos;Reserved&apos; -->
+    <Rule Id="CA1707" Action="None" />           <!-- Identifiers should not contain underscores -->
+    <Rule Id="CA1708" Action="None" />           <!-- Identifiers should differ by more than case -->
+    <Rule Id="CA1710" Action="None" />           <!-- Identifiers should have correct suffix -->
+    <Rule Id="CA1711" Action="None" />           <!-- Identifiers should not have incorrect suffix -->
+    <Rule Id="CA1712" Action="None" />           <!-- Do not prefix enum values with type name -->
+    <Rule Id="CA1713" Action="None" />           <!-- Events should not have &apos;Before&apos; or &apos;After&apos; prefix -->
+    <Rule Id="CA1715" Action="None" />           <!-- Identifiers should have correct prefix -->
+    <Rule Id="CA1716" Action="None" />           <!-- Identifiers should not match keywords -->
+    <Rule Id="CA1720" Action="None" />           <!-- Identifier contains type name -->
+    <Rule Id="CA1721" Action="None" />           <!-- Property names should not match get methods -->
+    <Rule Id="CA1724" Action="None" />           <!-- Type names should not match namespaces -->
+    <Rule Id="CA1725" Action="None" />           <!-- Parameter names should match base declaration -->
+    <Rule Id="CA1802" Action="None" />           <!-- Use literals where appropriate -->
+    <Rule Id="CA1806" Action="None" />           <!-- Do not ignore method results -->
+    <Rule Id="CA1810" Action="None" />           <!-- Initialize reference type static fields inline -->
+    <Rule Id="CA1813" Action="None" />           <!-- Avoid unsealed attributes -->
+    <Rule Id="CA1814" Action="None" />           <!-- Prefer jagged arrays over multidimensional -->
+    <Rule Id="CA1815" Action="None" />           <!-- Override equals and operator equals on value types -->
+    <Rule Id="CA1816" Action="None" />           <!-- Dispose methods should call SuppressFinalize -->
+    <Rule Id="CA1819" Action="None" />           <!-- Properties should not return arrays -->
+    <Rule Id="CA1820" Action="None" />           <!-- Test for empty strings using string length -->
+    <Rule Id="CA1821" Action="None" />           <!-- Remove empty Finalizers -->
+    <Rule Id="CA1822" Action="None" />           <!-- Mark members as static -->
+    <Rule Id="CA1823" Action="None" />           <!-- Avoid unused private fields -->
+    <Rule Id="CA1826" Action="None" />           <!-- Do not use Enumerable methods on indexable collections -->
+    <Rule Id="CA1827" Action="None" />           <!-- Do not use Count() or LongCount() when Any() can be used -->
+    <Rule Id="CA1828" Action="None" />           <!-- Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used -->
+    <Rule Id="CA1829" Action="None" />           <!-- Use Length/Count property instead of Count() when available -->
+    <Rule Id="CA1830" Action="None" />           <!-- Prefer strongly-typed Append and Insert method overloads on StringBuilder -->
+    <Rule Id="CA1831" Action="None" />           <!-- Use AsSpan or AsMemory instead of Range-based indexers when appropriate -->
+    <Rule Id="CA1832" Action="None" />           <!-- Use AsSpan or AsMemory instead of Range-based indexers when appropriate -->
+    <Rule Id="CA1833" Action="None" />           <!-- Use AsSpan or AsMemory instead of Range-based indexers when appropriate -->
+    <Rule Id="CA1834" Action="None" />           <!-- Consider using &apos;StringBuilder.Append(char)&apos; when applicable -->
+    <Rule Id="CA1835" Action="None" />           <!-- Prefer the &apos;Memory&apos;-based overloads for &apos;ReadAsync&apos; and &apos;WriteAsync&apos; -->
+    <Rule Id="CA1836" Action="None" />           <!-- Prefer IsEmpty over Count -->
+    <Rule Id="CA1837" Action="None" />           <!-- Use &apos;Environment.ProcessId&apos; -->
+    <Rule Id="CA1838" Action="None" />           <!-- Avoid &apos;StringBuilder&apos; parameters for P/Invokes -->
+    <Rule Id="CA2000" Action="None" />           <!-- Dispose objects before losing scope -->
+    <Rule Id="CA2002" Action="None" />           <!-- Do not lock on objects with weak identity -->
+    <Rule Id="CA2007" Action="None" />           <!-- Consider calling ConfigureAwait on the awaited task -->
+    <Rule Id="CA2008" Action="None" />           <!-- Do not create tasks without passing a TaskScheduler -->
+    <Rule Id="CA2009" Action="None" />           <!-- Do not call ToImmutableCollection on an ImmutableCollection value -->
+    <Rule Id="CA2011" Action="None" />           <!-- Avoid infinite recursion -->
+    <Rule Id="CA2012" Action="None" />           <!-- Use ValueTasks correctly -->
+    <Rule Id="CA2013" Action="None" />           <!-- Do not use ReferenceEquals with value types -->
+    <Rule Id="CA2015" Action="None" />           <!-- Do not define finalizers for types derived from MemoryManager&lt;T&gt; -->
+    <Rule Id="CA2100" Action="None" />           <!-- Review SQL queries for security vulnerabilities -->
+    <Rule Id="CA2101" Action="None" />           <!-- Specify marshaling for P/Invoke string arguments -->
+    <Rule Id="CA2109" Action="None" />           <!-- Review visible event handlers -->
+    <Rule Id="CA2119" Action="None" />           <!-- Seal methods that satisfy private interfaces -->
+    <Rule Id="CA2200" Action="None" />           <!-- Rethrow to preserve stack details -->
+    <Rule Id="CA2201" Action="None" />           <!-- Do not raise reserved exception types -->
+    <Rule Id="CA2207" Action="None" />           <!-- Initialize value type static fields inline -->
+    <Rule Id="CA2208" Action="None" />           <!-- Instantiate argument exceptions correctly -->
+    <Rule Id="CA2211" Action="None" />           <!-- Non-constant fields should not be visible -->
+    <Rule Id="CA2213" Action="None" />           <!-- Disposable fields should be disposed -->
+    <Rule Id="CA2214" Action="None" />           <!-- Do not call overridable methods in constructors -->
+    <Rule Id="CA2215" Action="None" />           <!-- Dispose methods should call base class dispose -->
+    <Rule Id="CA2216" Action="None" />           <!-- Disposable types should declare finalizer -->
+    <Rule Id="CA2217" Action="None" />           <!-- Do not mark enums with FlagsAttribute -->
+    <Rule Id="CA2219" Action="None" />           <!-- Do not raise exceptions in finally clauses -->
+    <Rule Id="CA2225" Action="None" />           <!-- Operator overloads have named alternates -->
+    <Rule Id="CA2226" Action="None" />           <!-- Operators should have symmetrical overloads -->
+    <Rule Id="CA2227" Action="None" />           <!-- Collection properties should be read only -->
+    <Rule Id="CA2229" Action="None" />           <!-- Implement serialization constructors -->
+    <Rule Id="CA2231" Action="None" />           <!-- Overload operator equals on overriding value type Equals -->
+    <Rule Id="CA2235" Action="None" />           <!-- Mark all non-serializable fields -->
+    <Rule Id="CA2237" Action="None" />           <!-- Mark ISerializable types with serializable -->
+    <Rule Id="CA2241" Action="None" />           <!-- Provide correct arguments to formatting methods -->
+    <Rule Id="CA2242" Action="None" />           <!-- Test for NaN correctly -->
+    <Rule Id="CA2243" Action="None" />           <!-- Attribute string literals should parse correctly -->
+    <Rule Id="CA2244" Action="None" />           <!-- Do not duplicate indexed element initializations -->
+    <Rule Id="CA2245" Action="None" />           <!-- Do not assign a property to itself -->
+    <Rule Id="CA2246" Action="None" />           <!-- Assigning symbol and its member in the same statement -->
+    <Rule Id="CA2247" Action="None" />           <!-- Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum -->
+    <Rule Id="CA2248" Action="None" />           <!-- Provide correct &apos;enum&apos; argument to &apos;Enum.HasFlag&apos; -->
+    <Rule Id="CA2249" Action="None" />           <!-- Consider using &apos;string.Contains&apos; instead of &apos;string.IndexOf&apos; -->
+    <Rule Id="CA2326" Action="None" />           <!-- Do not use TypeNameHandling values other than None -->
+    <Rule Id="CA3001" Action="None" />           <!-- Review code for SQL injection vulnerabilities -->
+    <Rule Id="CA3002" Action="None" />           <!-- Review code for XSS vulnerabilities -->
+    <Rule Id="CA3003" Action="None" />           <!-- Review code for file path injection vulnerabilities -->
+    <Rule Id="CA3004" Action="None" />           <!-- Review code for information disclosure vulnerabilities -->
+    <Rule Id="CA3005" Action="None" />           <!-- Review code for LDAP injection vulnerabilities -->
+    <Rule Id="CA3006" Action="None" />           <!-- Review code for process command injection vulnerabilities -->
+    <Rule Id="CA3007" Action="None" />           <!-- Review code for open redirect vulnerabilities -->
+    <Rule Id="CA3008" Action="None" />           <!-- Review code for XPath injection vulnerabilities -->
+    <Rule Id="CA3009" Action="None" />           <!-- Review code for XML injection vulnerabilities -->
+    <Rule Id="CA3010" Action="None" />           <!-- Review code for XAML injection vulnerabilities -->
+    <Rule Id="CA3011" Action="None" />           <!-- Review code for DLL injection vulnerabilities -->
+    <Rule Id="CA3012" Action="None" />           <!-- Review code for regex injection vulnerabilities -->
+    <Rule Id="CA5360" Action="None" />           <!-- Do Not Call Dangerous Methods In Deserialization -->
+    <Rule Id="CA5362" Action="None" />           <!-- Potential reference cycle in deserialized object graph -->
+    <Rule Id="CA5363" Action="None" />           <!-- Do Not Disable Request Validation -->
+    <Rule Id="CA5365" Action="None" />           <!-- Do Not Disable HTTP Header Checking -->
+    <Rule Id="CA5367" Action="None" />           <!-- Do Not Serialize Types With Pointer Fields -->
+    <Rule Id="CA5368" Action="None" />           <!-- Set ViewStateUserKey For Classes Derived From Page -->
+    <Rule Id="CA5373" Action="None" />           <!-- Do not use obsolete key derivation function -->
+    <Rule Id="CA5375" Action="None" />           <!-- Do Not Use Account Shared Access Signature -->
+    <Rule Id="CA5376" Action="None" />           <!-- Use SharedAccessProtocol HttpsOnly -->
+    <Rule Id="CA5377" Action="None" />           <!-- Use Container Level Access Policy -->
+    <Rule Id="CA5379" Action="None" />           <!-- Ensure Key Derivation Function algorithm is sufficiently strong -->
+    <Rule Id="CA5382" Action="None" />           <!-- Use Secure Cookies In ASP.NET Core -->
+    <Rule Id="CA5383" Action="None" />           <!-- Ensure Use Secure Cookies In ASP.NET Core -->
+    <Rule Id="CA5384" Action="None" />           <!-- Do Not Use Digital Signature Algorithm (DSA) -->
+    <Rule Id="CA5385" Action="None" />           <!-- Use Rivest–Shamir–Adleman (RSA) Algorithm With Sufficient Key Size -->
+    <Rule Id="CA5387" Action="None" />           <!-- Do Not Use Weak Key Derivation Function With Insufficient Iteration Count -->
+    <Rule Id="CA5388" Action="None" />           <!-- Ensure Sufficient Iteration Count When Using Weak Key Derivation Function -->
+    <Rule Id="CA5389" Action="None" />           <!-- Do Not Add Archive Item&apos;s Path To The Target File System Path -->
+    <Rule Id="CA5390" Action="None" />           <!-- Do not hard-code encryption key -->
+    <Rule Id="CA5392" Action="None" />           <!-- Use DefaultDllImportSearchPaths attribute for P/Invokes -->
+    <Rule Id="CA5393" Action="None" />           <!-- Do not use unsafe DllImportSearchPath value -->
+    <Rule Id="CA5394" Action="None" />           <!-- Do not use insecure randomness -->
+    <Rule Id="CA5399" Action="None" />           <!-- HttpClients should enable certificate revocation list checks -->
+    <Rule Id="CA5400" Action="None" />           <!-- Ensure HttpClient certificate revocation list check is not disabled -->
+    <Rule Id="CA5401" Action="None" />           <!-- Do not use CreateEncryptor with non-default IV -->
+    <Rule Id="CA5402" Action="None" />           <!-- Use CreateEncryptor with the default IV  -->
+    <Rule Id="CA5403" Action="None" />           <!-- Do not hard-code certificate -->
+    <Rule Id="IL3000" Action="None" />           <!-- Avoid using accessing Assembly file path when publishing as a single-file -->
+    <Rule Id="IL3001" Action="None" />           <!-- Avoid using accessing Assembly file path when publishing as a single-file -->
+  </Rules>
+
+  <Rules AnalyzerId="Microsoft.CodeAnalysis.VisualBasic.NetAnalyzers" RuleNamespace="Microsoft.CodeAnalysis.VisualBasic.NetAnalyzers">
+    <Rule Id="CA3076" Action="Error" />          <!-- Insecure XSLT script processing. -->
+    <Rule Id="CA3077" Action="Error" />          <!-- Insecure Processing in API Design, XmlDocument and XmlTextReader -->
+    <Rule Id="CA2352" Action="Info" />           <!-- Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks -->
+    <Rule Id="CA2353" Action="Info" />           <!-- Unsafe DataSet or DataTable in serializable type -->
+    <Rule Id="CA2354" Action="Info" />           <!-- Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks -->
+    <Rule Id="CA2355" Action="Info" />           <!-- Unsafe DataSet or DataTable type found in deserializable object graph -->
+    <Rule Id="CA2356" Action="Info" />           <!-- Unsafe DataSet or DataTable type in web deserializable object graph -->
+    <Rule Id="CA2362" Action="Info" />           <!-- Unsafe DataSet or DataTable in auto-generated serializable type can be vulnerable to remote code execution attacks -->
+    <Rule Id="CA1001" Action="None" />           <!-- Types that own disposable fields should be disposable -->
+    <Rule Id="CA1019" Action="None" />           <!-- Define accessors for attribute arguments -->
+    <Rule Id="CA1032" Action="None" />           <!-- Implement standard exception constructors -->
+    <Rule Id="CA1065" Action="None" />           <!-- Do not raise exceptions in unexpected locations -->
+    <Rule Id="CA1200" Action="None" />           <!-- Avoid using cref tags with a prefix -->
+    <Rule Id="CA1309" Action="None" />           <!-- Use ordinal string comparison -->
+    <Rule Id="CA1507" Action="None" />           <!-- Use nameof to express symbol names -->
+    <Rule Id="CA1801" Action="None" />           <!-- Review unused parameters -->
+    <Rule Id="CA1805" Action="None" />           <!-- Do not initialize unnecessarily -->
+    <Rule Id="CA1812" Action="None" />           <!-- Avoid uninstantiated internal classes -->
+    <Rule Id="CA1824" Action="None" />           <!-- Mark assemblies with NeutralResourcesLanguageAttribute -->
+    <Rule Id="CA1825" Action="None" />           <!-- Avoid zero-length array allocations -->
+    <Rule Id="CA2016" Action="None" />           <!-- Forward the &apos;CancellationToken&apos; parameter to methods -->
+    <Rule Id="CA2218" Action="None" />           <!-- Override GetHashCode on overriding Equals -->
+    <Rule Id="CA2224" Action="None" />           <!-- Override Equals on overloading operator equals -->
+    <Rule Id="CA2234" Action="None" />           <!-- Pass system uri objects instead of strings -->
+  </Rules>
+
+
+  <!-- Ancient analyzers, which older Internal.Analyzers packages may have referenced -->
+  <Rules AnalyzerId="Microsoft.CodeAnalysis.Analyzers" RuleNamespace="Microsoft.CodeAnalysis.Analyzers">
+    <Rule Id="RS1000" Action="None" />
+    <Rule Id="RS1001" Action="None" />
+    <Rule Id="RS1002" Action="None" />
+    <Rule Id="RS1003" Action="None" />
+    <Rule Id="RS1004" Action="None" />
+    <Rule Id="RS1005" Action="None" />
+    <Rule Id="RS1006" Action="None" />
+    <Rule Id="RS1007" Action="None" />
+    <Rule Id="RS1008" Action="None" />
+    <Rule Id="RS1009" Action="None" />
+    <Rule Id="RS1010" Action="None" />
+    <Rule Id="RS1011" Action="None" />
+    <Rule Id="RS1012" Action="None" />
+    <Rule Id="RS1013" Action="None" />
+    <Rule Id="RS1014" Action="None" />
+  </Rules>
+  <Rules AnalyzerId="Microsoft.CodeAnalysis.CSharp.Analyzers" RuleNamespace="Microsoft.CodeAnalysis.CSharp.Analyzers">
+    <Rule Id="RS1000" Action="None" />
+    <Rule Id="RS1001" Action="None" />
+    <Rule Id="RS1002" Action="None" />
+    <Rule Id="RS1003" Action="None" />
+    <Rule Id="RS1004" Action="None" />
+    <Rule Id="RS1005" Action="None" />
+    <Rule Id="RS1006" Action="None" />
+    <Rule Id="RS1007" Action="None" />
+    <Rule Id="RS1008" Action="None" />
+    <Rule Id="RS1009" Action="None" />
+    <Rule Id="RS1010" Action="None" />
+    <Rule Id="RS1011" Action="None" />
+    <Rule Id="RS1012" Action="None" />
+    <Rule Id="RS1013" Action="None" />
+    <Rule Id="RS1014" Action="None" />
+  </Rules>
+  <Rules AnalyzerId="Microsoft.CodeAnalysis.VisualBasic.Analyzers" RuleNamespace="Microsoft.CodeAnalysis.VisualBasic.Analyzers">
+    <Rule Id="RS1000" Action="None" />
+    <Rule Id="RS1001" Action="None" />
+    <Rule Id="RS1002" Action="None" />
+    <Rule Id="RS1003" Action="None" />
+    <Rule Id="RS1004" Action="None" />
+    <Rule Id="RS1005" Action="None" />
+    <Rule Id="RS1006" Action="None" />
+    <Rule Id="RS1007" Action="None" />
+    <Rule Id="RS1008" Action="None" />
+    <Rule Id="RS1009" Action="None" />
+    <Rule Id="RS1010" Action="None" />
+    <Rule Id="RS1011" Action="None" />
+    <Rule Id="RS1012" Action="None" />
+    <Rule Id="RS1013" Action="None" />
+    <Rule Id="RS1014" Action="None" />
+  </Rules>
+  <Rules AnalyzerId="Microsoft.CodeQuality.CSharp.Analyzers" RuleNamespace="Microsoft.CodeQuality.CSharp.Analyzers">
+    <Rule Id="Async001" Action="None" />
+    <Rule Id="Async002" Action="None" />
+    <Rule Id="Async003" Action="None" />
+    <Rule Id="Async004" Action="None" />
+    <Rule Id="Async005" Action="None" />
+    <Rule Id="Async006" Action="None" />
+  </Rules>
+  <Rules AnalyzerId="Microsoft.CodeQuality.VisualBasic.Analyzers" RuleNamespace="Microsoft.CodeQuality.VisualBasic.Analyzers">
+    <Rule Id="Async001" Action="None" />
+    <Rule Id="Async002" Action="None" />
+    <Rule Id="Async003" Action="None" />
+    <Rule Id="Async004" Action="None" />
+    <Rule Id="Async005" Action="None" />
+    <Rule Id="Async006" Action="None" />
+  </Rules>
+  <Rules AnalyzerId="OldFxCopAnalyzerRules" RuleNamespace="OldFxCopAnalyzerRules">
+    <Rule Id="CA1714" Action="None" />
+    <Rule Id="CA1717" Action="None" />
+    <Rule Id="CA2010" Action="None" />
+    <Rule Id="CA9999" Action="None" />
+  </Rules>
+  <Rules AnalyzerId="RuntimeContracts.Analyzer" RuleNamespace="RuntimeContracts.Analyzer">
+    <Rule Id="RA001" Action="None" />           <!-- Do not use System.Diagnostics.Contract class -->
+    <Rule Id="RA004" Action="None" />           <!-- User-defined message is missing in a contract assertion --> 
+    <Rule Id="RA005" Action="None" />           <!-- Fluent Assertion Results Not Observed -->
+    <Rule Id="RA006" Action="None" />           <!-- Use fluent API for preconditions/assertions to avoid runtime overhead -->
+    <Rule Id="RA007" Action="None" />           <!-- Do not use simplified null-check contracts -->
+  </Rules>
+</RuleSet>
\ No newline at end of file
diff --git a/Public/Sdk/SelfHost/BuildXL/BuildXLSdk.dsc b/Public/Sdk/SelfHost/BuildXL/BuildXLSdk.dsc
index 1acdc861b..0700d248a 100644
--- a/Public/Sdk/SelfHost/BuildXL/BuildXLSdk.dsc
+++ b/Public/Sdk/SelfHost/BuildXL/BuildXLSdk.dsc
@@ -42,6 +42,8 @@ const brandingDefines = [
     { key: "MainExecutableName", value: Branding.mainExecutableName},
 ];
 
+const buildXLRuleset = f`BuildXL.ruleset`;
+
 @@public
 export interface Arguments extends Managed.Arguments {
     /** Provide switch to turn skip tool that adds GetTypeInfo() calls to generated resource code, so the tool can be compiled */
@@ -284,7 +286,7 @@ namespace Flags {
      * We only want to enable it for PR builds not for local dev builds
      */
     @@public
-    export const enableRoslynAnalyzers = Environment.getFlag("[Sdk.BuildXL]enableRoslynAnalyzers");
+    export const enableRoslynAnalyzers = Environment.getFlag("[Sdk.BuildXL]enableRoslynAnalyzers") && isMicrosoftInternal;
 
     /**
      * Enable ESRP Signing
@@ -669,8 +671,14 @@ function processArguments(args: Arguments, targetType: Csc.TargetType) : Argumen
         analyzers = [...analyzers, ...getInProcLogGenerators()];
     }
 
+    let ruleset : File = undefined;
+
+    if (args.enableStyleCopAnalyzers) {
+        ruleset = buildXLRuleset;
+    }
+
     // Only add roslynanalyzers for microsoft internal build since Microsoft.Internal.Analyzers is for internal use
-    if (Flags.isMicrosoftInternal && Flags.enableRoslynAnalyzers) {
+    if (Flags.enableRoslynAnalyzers) {
         analyzers = [
             ...analyzers,
             ...getAnalyzerDlls(importFrom("Microsoft.CodeAnalysis.NetAnalyzers").Contents.all),
@@ -680,8 +688,11 @@ function processArguments(args: Arguments, targetType: Csc.TargetType) : Argumen
         // Required for v2.x Roslyn compilers
         // Flow analysis is used to infer the nullability of variables within executable code. The inferred nullability of a variable is independent of the variable's declared nullability.
         // Method calls are analyzed even when they are conditionally omitted. For instance, `Debug.Assert` in release mode.
-        features.push("flow-analysis");
-    }
+        features = features.push("flow-analysis");
+
+        ruleset = f`BuildXL.Recommend.Required.Error.ruleset`;
+        args = args.merge<Managed.Arguments>({implicitSources: [buildXLRuleset]});
+    } 
     
     args = Object.merge<Arguments>(
         {
@@ -725,11 +736,11 @@ function processArguments(args: Arguments, targetType: Csc.TargetType) : Argumen
 
                     // TODO: Make analyzers supported in regular references by undestanding the structure in nuget packages
                     analyzers: analyzers,
-                    errorlog: Flags.isMicrosoftInternal && Flags.enableRoslynAnalyzers ? r`${assemblyName}/roslyn.csproj.diagnostics.sarif` : undefined,
-                    enableRoslynAnalyzers: Flags.isMicrosoftInternal && Flags.enableRoslynAnalyzers,
+                    errorlog: Flags.enableRoslynAnalyzers ? r`${assemblyName}/roslyn.csproj.diagnostics.sarif` : undefined,
+                    enableRoslynAnalyzers: Flags.enableRoslynAnalyzers,
 
                     features: features,
-                    codeAnalysisRuleset: args.enableStyleCopAnalyzers ? f`BuildXL.ruleset` : undefined,
+                    codeAnalysisRuleset: ruleset,
                     additionalFiles: args.enableStyleCopAnalyzers ? [f`stylecop.json`] : [],
                     keyFile: args.skipAssemblySigning ? undefined : devKey,
                     shared: Flags.useManagedSharedCompilation,