From 9107540a87e8ec64a59e1b587927a4c31d8c7298 Mon Sep 17 00:00:00 2001
From: Tian L <60599517+tian-lt@users.noreply.github.com>
Date: Thu, 17 Aug 2023 11:20:05 +0800
Subject: [PATCH] Engage Secure Supply Chain Analysis for OSS build (#2043)
---
 .../templates/build-single-architecture.yaml | 8 ++----
 build/scripts/VerifyNugetConfig.ps1 | 28 -------------------
 2 files changed, 3 insertions(+), 33 deletions(-)
 delete mode 100644 build/scripts/VerifyNugetConfig.ps1
diff --git a/build/pipelines/templates/build-single-architecture.yaml b/build/pipelines/templates/build-single-architecture.yaml
index 71379f71..ff5be3b4 100644
--- a/build/pipelines/templates/build-single-architecture.yaml
+++ b/build/pipelines/templates/build-single-architecture.yaml
@@ -37,11 +37,9 @@ jobs:
 - checkout: self
 fetchDepth: 1
- - ${{ if eq(variables['Build.Reason'], 'PullRequest') }}:
- - powershell: |
- $(Build.SourcesDirectory)\build\scripts\VerifyNugetConfig.ps1 -FilePath "$(Build.SourcesDirectory)\nuget.config"
- displayName: Verify nuget config
- failOnStderr: true
+ - ${{ if eq(parameters.isOSSBuild, true) }}:
+ - task: nuget-security-analysis@0
+ displayName: Secure Supply Chain Analysis
 - ${{ if eq(parameters.isReleaseBuild, true) }}:
 - task: UniversalPackages@0
diff --git a/build/scripts/VerifyNugetConfig.ps1 b/build/scripts/VerifyNugetConfig.ps1
deleted file mode 100644
index 374611c3..00000000
--- a/build/scripts/VerifyNugetConfig.ps1
+++ /dev/null
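Review bot: The replacement step is gated on `parameters.isOSSBuild`, where the removed step was gated on `Build.Reason` being `PullRequest`, so whether pull-request builds still get a nuget.config check depends on how callers set that parameter, which this hunk does not show. The deleted script failed the build (a `throw`, with `failOnStderr: true`) when more than one package source was added. The hunk does not show whether `nuget-security-analysis@0` fails the build or only reports, so it is worth confirming that a second `<add>` source introduced in a PR still blocks validation. A one-line comment above the step would record the intent, for example `# Replaces build/scripts/VerifyNugetConfig.ps1 (single package source check)`. The `isOSSBuild` parameter declaration and the pipelines that call this template are outside the hunk.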
@@ -1,28 +0,0 @@
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License.
-
-<#
-.SYNOPSIS
- Verify the specified nuget.config. Throw to fail the pipeline if the config is ill-formed.
-.PARAMETER FilePath
- The path pointing to the nuget.config file to be verified by this script.
-.EXAMPLE
- VerifyNugetConfig -FilePath .\nuget.config
-#>
-
-param([Parameter(Mandatory)][string]$FilePath)
-
-$doc = [XML](Get-Content $FilePath)
-$sources = (Select-Xml $doc -XPath "//configuration/packageSources").Node
-$count = 0
-foreach($src in $sources.ChildNodes){
- if ($src.Name -eq "add"){
- ++$count
- }
- elseif ($src.Name -eq "clear"){
- $count = 0
- }
-}
-if ($count -gt 1){
- throw "Adding multiple package sources is not allowed in nuget.config."
-}