Code Scanning

Resources

• Code Scan Pipeline: https://dev.azure.com/eFileCabinet/Utopia/_apps/hub/ms.vss-ciworkflow.build-ci-hub?_a=edit-build-definition&id=132&view=Tab_Tasks
• Migrating from packages.config: https://learn.microsoft.com/en-us/nuget/consume-packages/migrate-packages-config-to-package-reference#migration-steps

Background

We wanted to do a code scan of the Revver Desktop App, but after some research and some trial and error, we found that this was going to be more difficult than anticipated.

In order to be able to used ADO advanced security to code scan, we needed to build the app in and ADO pipeline. There are two issues with this. 1) you can't build a .vsproj project (Visual Studio Installer Project) in ADO pipelines (well, we probably could if we we had our own build machines), and 2) our projects store nuget packages in a packages.config file and the ADO pipelines have issues restoring nuget packages when they are configured this way.

We attempted