This commit is contained in:
Nick Banks 2023-08-09 08:23:56 -07:00 коммит произвёл GitHub
Родитель a83a9cc967
Коммит a564e605ae
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
2 изменённых файлов: 1064 добавлений и 18518 удалений

Разница между файлами не показана из-за своего большого размера Загрузить разницу

Просмотреть файл

@ -3,10 +3,19 @@
When updating the openssl submodule, new tests or code may get flagged by When updating the openssl submodule, new tests or code may get flagged by
CredScan, and will need to be suppressed as it's 3rd party and we can't fix it. CredScan, and will need to be suppressed as it's 3rd party and we can't fix it.
These are the steps to silence the warnings. These are the steps to silence the warnings:
1) Look at the sdl_sources results 1. Look at the `sdl_sources` results
2) Click on "1 artifact produced" and navigate to drop_sdl_sources/sdl_sources 2. Click on `1 artifact produced` and navigate to `drop_sdl_sources/sdl_sources`
3) Download the .gdnsuppress file 3. Download the `.gdnsuppress` file
4) Copy the new warnings into openssl.gdnsuppress, sorting by the Target field 4. Copy the new warnings into `openssl.gdnsuppress`, sorting by the Target field
5) Commit the changes and ingest into Windows. 5. Commit the changes and ingest into Windows.
**Note** - You may also have to copy suppressions from other stages, similar to the process above.
### Regeneration from Scratch
To regenerate the `openssl.gdnsuppress` completely, create a temporary mscodehub PR that removes the `suppression:` `suppressionFile:` from `OneBranch.PullRequest.yml`.
Then follow the instructions above to get the new suppression file, but completely copy over the existing one instead.
> **TODO** - Perhaps we should automate the regeneration in a pipeline.