This repository has been archived by the owner on Jan 15, 2021. It is now read-only.

Automate "OSPO Witness Generation" #76

Open
mike-kaufman opened this issue May 5, 2017 · 0 comments

@mike-kaufman
Contributor

PR #72 adds in a script to automatically run Microsoft's "OSPO Witness Client" process, which scans our dependencies and sends them to a Microsoft endpoint to make sure all our deps are legit from a legal perspective.

Now,

  • These scripts require a personal access token.
  • We want to automate this, probably so we run it with every version tag.
  • We need a safe way to manage our personal access token.

Recommendation from Microsoft's OSPO office is to do the following:

Set up a single VSTS build definition (which is protected behind AAD) to detect changes to your GitHub repository and do nothing except:

  1. Clone the repository
  2. Generate the shrinkwrap
  3. Run our tool to register your dependencies

Also note that once we do this for Glimpse.Client.Hud, we need to do this for Glimpse.Client & Glimpse.Browser.Agent repos also.

@mike-kaufman mike-kaufman added this to the M021 milestone May 5, 2017
@mike-kaufman mike-kaufman removed this from the M021 milestone Aug 7, 2017