From 1ff29f618395f0253c8ee22d76e191d849cd5e9a Mon Sep 17 00:00:00 2001
From: Mayank Mishra
Date: Thu, 14 Apr 2022 17:07:54 +0530
Subject: [PATCH] Changes to consider FluentUI.Demo/keystore.jks as exception for credscan. Its contains self-signed key on APK creation
---
 CredScanSuppressions.json | 9 +++++++++
 fluentui-android-compliance.yml | 3 ++-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 CredScanSuppressions.json
diff --git a/CredScanSuppressions.json b/CredScanSuppressions.json
new file mode 100644
index 00000000..3ff5f09b
--- /dev/null
+++ b/CredScanSuppressions.json
@@ -0,0 +1,9 @@
+{
+ "tool": "Credential Scanner",
+ "suppressions": [
+ {
+ "file": "FluentUI.Demo/keystore.jks",
+ "_justification": "Key needed for android apk. Does not contain a particular secret"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/fluentui-android-compliance.yml b/fluentui-android-compliance.yml
index 9fd49c7d..d3027f48 100644
--- a/fluentui-android-compliance.yml
+++ b/fluentui-android-compliance.yml
@@ -15,7 +15,8 @@ jobs:
 displayName: '🧭 Run Credential Scanner'
 inputs:
 debugMode: false
-
+ SuppressionsPath: '.\\CredScanSuppressions.json'
+
 - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
 displayName: '🧭 Publish Guardian Artifacts - All Tools'
 inputs:
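Review bot: The suppression for `FluentUI.Demo/keystore.jks` is keyed on the file path, and its `_justification` says the file "Does not contain a particular secret" while the commit subject says it holds a self-signed key. A path-based entry presumably stays in force whatever the keystore later contains, so a different key committed at that path would no longer be reported. I would have the justification state the condition the exception actually rests on, for example `"_justification": "Self-signed key used only to sign the demo APK; never used for release signing"`, assuming that is the case. If the scanner reports a hash for this finding, suppressing on that hash instead of the path would pin the exception to the current key.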
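Review bot: The added value `'.\\CredScanSuppressions.json'` is single-quoted, and YAML does not process backslash escapes in single-quoted scalars, so the task receives two backslashes in a relative path that resolves only with a Windows separator and the expected working directory. What happens when the file is not found (failure, or a scan with no suppressions applied) is not visible from this hunk. I would anchor the path to the checkout, `SuppressionsPath: '$(Build.SourcesDirectory)/CredScanSuppressions.json'`, and confirm in the scanner log that the suppression file was loaded. It is also worth confirming that `SuppressionsPath` is the input name this task version reads. The enclosing job and task definition start and end outside the hunk.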