From 026bb90bbe1b994832f180b5ced4c466ee0b9800 Mon Sep 17 00:00:00 2001
From: James Truher
Date: Mon, 16 Aug 2021 11:38:15 -0700
Subject: [PATCH 1/3] Binskim should only check the assemblies we provide as part of analyzer
---
 .ci/releaseBuild.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml
index ac5cf74c7..0db4414de 100644
--- a/.ci/releaseBuild.yml
+++ b/.ci/releaseBuild.yml
@@ -173,7 +173,7 @@ stages:
 # component-governance - the path to sources
 sourceScanPath: '$(Build.SourcesDirectory)/OSS_Microsoft_PSSA'
 # binskim - this isn't recursive, so you need the path to the assemblies
- AnalyzeTarget: '$(Pipeline.Workspace)\build\bin\PSV7Release\netcoreapp3.1\*.dll'
+ AnalyzeTarget: '$(Pipeline.Workspace)\build\bin\PSV7Release\netcoreapp3.1\Microsoft.Windows.PowerShell.ScriptAnalyzer*.dll'
 # credscan - scan the repo for credentials
 # you can suppress some files with this.
 suppressionsFile: '$(Build.SourcesDirectory)/OSS_Microsoft_PSSA/tools/ReleaseBuild/CredScan.Suppressions.json'
From fb7abadee8a25ccf903b772a72874fd4bab68027 Mon Sep 17 00:00:00 2001
From: James Truher
Date: Mon, 16 Aug 2021 12:19:38 -0700
Subject: [PATCH 2/3] add pluralize.net.dll to assemblies that need 3rd party signing.
---
 .ci/releaseBuild.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml
index 0db4414de..d36603d77 100644
--- a/.ci/releaseBuild.yml
+++ b/.ci/releaseBuild.yml
@@ -129,8 +129,10 @@ stages:
 # the certificate ID to use
 # we'll need to change this to the 3rd party cert id
 certificateId: "CP-231522"
- # the file pattern to use - only sign newtonsoft
- pattern: 'Newtonsoft*.dll'
+ # the file pattern to use - only sign newtonsoft and pluralize
+ pattern: |
+ **/Pluralize*.dll
+ **/Newtonsoft*.dll
 # now create the nupkg which we will use to publish the module
 # to the powershell gallery (not part of this yaml)
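Review bot: In the [PATCH 1/3] hunk, the narrowed `AnalyzeTarget` drops every other DLL in that output directory from the BinSkim run, and the comment above it does not record that this is deliberate ([PATCH 2/3] suggests Newtonsoft and Pluralize ship with the module, so they would now go unchecked here). I would extend the comment, e.g. `# binskim - not recursive; only our own assemblies are analyzed, third-party DLLs are intentionally skipped`. The value also hard-codes `PSV7Release\netcoreapp3.1`, so a later target-framework change could leave the glob matching nothing. Whether the template fails or passes quietly on an empty match is not visible from this hunk, so it is worth confirming that the scan reports the files it analyzed.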
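Review bot: In the [PATCH 2/3] hunk, `**/Pluralize*.dll` and `**/Newtonsoft*.dll` select by name prefix at any depth, so any file under the signing root that happens to match gets the certificate's signature. Because the signature vouches for the binary, I would pin the exact file names instead, e.g. `**/Pluralize.NET.dll` (assuming that is the shipped name and casing; the commit subject writes `pluralize.net.dll`), and likewise for the Newtonsoft assembly. The context comment `# we'll need to change this to the 3rd party cert id` still reads as a pending change. If `certificateId` already is the third-party certificate, reword the comment to say so, since a second third-party assembly now depends on it.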
From 0c49c24d22f9a0f00181955b89c0756dcd5f8600 Mon Sep 17 00:00:00 2001
From: James Truher
Date: Mon, 16 Aug 2021 12:35:08 -0700
Subject: [PATCH 3/3] be sure to include minimatch option
---
 .ci/releaseBuild.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml
index d36603d77..3fe0361b4 100644
--- a/.ci/releaseBuild.yml
+++ b/.ci/releaseBuild.yml
@@ -129,6 +129,8 @@ stages:
 # the certificate ID to use
 # we'll need to change this to the 3rd party cert id
 certificateId: "CP-231522"
+ # use minimatch because we need to exclude the NewtonSoft assembly
+ useMinimatch: true
 # the file pattern to use - only sign newtonsoft and pluralize
 pattern: |
 **/Pluralize*.dll
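Review bot: The added comment `# use minimatch because we need to exclude the NewtonSoft assembly` contradicts the pattern it configures: the comment directly below says `only sign newtonsoft and pluralize`, and [PATCH 2/3] adds `**/Newtonsoft*.dll` as an include. A wrong rationale on a signing step makes it easy for a later edit to change which binaries get signed without anyone noticing. If the real reason is the glob syntax, which is presumably the case, I would say so, e.g. `# use minimatch so the multi-line '**/' glob patterns below are honoured`. The `pattern` block continues past the end of this hunk.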