Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: microsoft/onnxruntime
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: main
Choose a base ref
...
head repository: microsoft/onnxruntime
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: snnn/enable_binskim_py
Choose a head ref
  • 1 commit
  • 5 files changed
  • 1 contributor

Commits on Jun 26, 2025

  1. Enable BinSkim in python

    @snnn
    snnn committed Jun 26, 2025
    Copy the full SHA
    e474fba View commit details
12 changes: 12 additions & 0 deletions tools/ci_build/github/azure-pipelines/stages/py-cpu-packaging-stage.yml
View file
Original file line number Diff line number Diff line change
@@ -70,6 +70,18 @@ stages:
pool:
name: 'onnxruntime-Win-CPU-2022'
os: windows
templateContext:
sdl:
codeSignValidation:
enabled: true
break: false
additionalTargetsGlobPattern: f|**\*.pyd
psscriptanalyzer:
enabled: true
binskim:
enabled: true
scanOutputDirectoryOnly: true
analyzeTargetGlob: '+:file|$(BUILD.STAGINGDIRECTORY)\**\*.pyd;+:file|$(BUILD.STAGINGDIRECTORY)\**\*.dll;-:file|DirectML.dll'
strategy:
matrix:
Python310_x64:
4 changes: 1 addition & 3 deletions tools/ci_build/github/azure-pipelines/stages/py-win-gpu-stage.yml
View file
Original file line number Diff line number Diff line change
@@ -52,13 +52,11 @@ stages:
sdl:
codeSignValidation:
enabled: true
# TODO: check why pyd file was not signed
break: false
additionalTargetsGlobPattern: f|**\*.pyd
psscriptanalyzer:
enabled: true
binskim:
preReleaseVersion: '4.3.1'
binskim:
enabled: true
scanOutputDirectoryOnly: true
analyzeTargetGlob: '+:file|$(BUILD.STAGINGDIRECTORY)\**\*.pyd;+:file|$(BUILD.STAGINGDIRECTORY)\**\*.dll;-:file|DirectML.dll'
12 changes: 12 additions & 0 deletions tools/ci_build/github/azure-pipelines/templates/py-win-arm64-qnn.yml
View file
Original file line number Diff line number Diff line change
@@ -33,6 +33,18 @@ jobs:
name: ${{ parameters.MACHINE_POOL }}
os: windows
hostArchitecture: Arm64
templateContext:
sdl:
codeSignValidation:
enabled: true
break: false
additionalTargetsGlobPattern: f|**\*.pyd
psscriptanalyzer:
enabled: true
binskim:
enabled: true
scanOutputDirectoryOnly: true
analyzeTargetGlob: '+:file|$(BUILD.STAGINGDIRECTORY)\**\*.pyd;+:file|$(BUILD.STAGINGDIRECTORY)\**\*.dll;-:file|DirectML.dll'
strategy:
matrix:
Python311_arm64:
12 changes: 12 additions & 0 deletions tools/ci_build/github/azure-pipelines/templates/py-win-arm64ec-qnn.yml
View file
Original file line number Diff line number Diff line change
@@ -32,6 +32,18 @@ jobs:
pool:
name: ${{ parameters.MACHINE_POOL }}
os: windows
templateContext:
sdl:
codeSignValidation:
enabled: true
break: false
additionalTargetsGlobPattern: f|**\*.pyd
psscriptanalyzer:
enabled: true
binskim:
enabled: true
scanOutputDirectoryOnly: true
analyzeTargetGlob: '+:file|$(BUILD.STAGINGDIRECTORY)\**\*.pyd;+:file|$(BUILD.STAGINGDIRECTORY)\**\*.dll;-:file|DirectML.dll'
strategy:
matrix:
Python310_x64:
13 changes: 13 additions & 0 deletions tools/ci_build/github/azure-pipelines/templates/py-win-x64-qnn.yml
View file
Original file line number Diff line number Diff line change
@@ -31,6 +31,19 @@ jobs:
clean: all
pool:
name: ${{ parameters.MACHINE_POOL }}
os: windows
templateContext:
sdl:
codeSignValidation:
enabled: true
break: false
additionalTargetsGlobPattern: f|**\*.pyd
psscriptanalyzer:
enabled: true
binskim:
enabled: true
scanOutputDirectoryOnly: true
analyzeTargetGlob: '+:file|$(BUILD.STAGINGDIRECTORY)\**\*.pyd;+:file|$(BUILD.STAGINGDIRECTORY)\**\*.dll;-:file|DirectML.dll'
strategy:
matrix:
Python310_x64: