diff --git a/build/pipelines/azure-pipelines.ci.yaml b/build/pipelines/azure-pipelines.ci.yaml
index df87562c..542ab397 100644
--- a/build/pipelines/azure-pipelines.ci.yaml
+++ b/build/pipelines/azure-pipelines.ci.yaml
@@ -40,21 +40,25 @@ extends:
       - template: /build/pipelines/templates/build-single-architecture.yaml@self
         parameters:
           platform: x64
+          isOSSBuild: true
 
       - template: /build/pipelines/templates/build-single-architecture.yaml@self
         parameters:
           platform: x86
           condition: not(eq(variables['Build.Reason'], 'PullRequest'))
+          isOSSBuild: true
 
       - template: /build/pipelines/templates/build-single-architecture.yaml@self
         parameters:
           platform: ARM
           condition: not(eq(variables['Build.Reason'], 'PullRequest'))
+          isOSSBuild: true
 
       - template: /build/pipelines/templates/build-single-architecture.yaml@self
         parameters:
           platform: ARM64
           condition: not(eq(variables['Build.Reason'], 'PullRequest'))
+          isOSSBuild: true
 
       - template: /build/pipelines/templates/run-ui-tests.yaml@self
         parameters:
diff --git a/build/pipelines/templates/build-single-architecture.yaml b/build/pipelines/templates/build-single-architecture.yaml
index 0528610e..e425000a 100644
--- a/build/pipelines/templates/build-single-architecture.yaml
+++ b/build/pipelines/templates/build-single-architecture.yaml
@@ -2,6 +2,7 @@
 
 parameters:
   isReleaseBuild: false
+  isOSSBuild: false
   useReleaseAppxManifest: false
   platform: ''
   condition: ''
@@ -42,6 +43,10 @@ jobs:
   - checkout: self
     fetchDepth: 1
 
+  - ${{ if eq(parameters.isOSSBuild, true) }}:
+    - task: nuget-security-analysis@0
+      displayName: Secure Supply Chain Analysis
+
   - ${{ if eq(parameters.isReleaseBuild, true) }}:
     - task: UniversalPackages@0
       displayName: Download internals package