ci: add deep SAST via SecurityCodeScan Roslyn analyzer

- SecurityCodeScan.VS2019 5.6.7 injected into Directory.Build.props scans all C# source during every dotnet build
- HIGH/CRITICAL findings fail the build because TreatWarningsAsErrors=true
- No extra CI step needed: analyzer runs inside every build job automatically

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@@ -7,4 +7,8 @@
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="SecurityCodeScan.VS2019" Version="5.6.7" PrivateAssets="all" />
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
|
||||
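Review bot: The build gate depends entirely on the `<TreatWarningsAsErrors>true</TreatWarningsAsErrors>` line in the PropertyGroup above the new ItemGroup, and that property promotes every compiler and analyzer warning to an error, so it does not single out HIGH/CRITICAL findings as the commit message states. Nothing in this hunk assigns severities to the analyzer's rules, so which findings block a build is left to the package defaults. If only a subset should block, set the severities explicitly (for example `dotnet_diagnostic.<rule id>.severity` entries in `.editorconfig`) and add an XML comment next to the `PackageReference` saying that the security gate relies on `TreatWarningsAsErrors`, so a later change to that property does not silently turn the gate off. The ItemGroup also carries no `Condition`, so the analyzer is added to every project that imports this Directory.Build.props, test projects included; confirm that is intended or scope it.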