From 200a07fbc400decddf59d9fa2a3bb33519a324d1 Mon Sep 17 00:00:00 2001 From: Nick Noce Date: Mon, 12 Jan 2026 15:18:00 -0500 Subject: [PATCH 1/8] Implement EdgeScan local integration script for macOS developers in package.json Fixes #154 --- apps/docs/docs/intro.md | 25 +++++++++++++++++++++++++ package.json | 3 ++- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/apps/docs/docs/intro.md b/apps/docs/docs/intro.md index b03778f25..ea3e26482 100644 --- a/apps/docs/docs/intro.md +++ b/apps/docs/docs/intro.md @@ -104,6 +104,31 @@ pnpm run snyk:iac # IaC - scan Bicep templates for misconfigurations > **Note**: Only use the npm scripts listed above. Other Snyk scripts (`snyk:monitor`, `snyk:code:report`) are reserved for CI/CD pipeline use only. +## Apple Native Containers Setup + +This is a one-time setup and is a requirement for the `edgescan:dev` script. + +1. Download the `container-installer-signed.pkg` from the [Apple Native Containers releases](https://github.com/apple/container/releases). +2. Run the installer. +3. Once finished, start the container system: + ```bash + container system start + ``` + Input `Y` when prompted. +4. Confirm it is working as expected: + ```bash + container system status + ``` + Expected output: + ```text + ❯ container system status + apiserver is running + application data root: /Users//Library/Application Support/com.apple.container/ + application install root: /usr/local/ + container-apiserver version: container-apiserver version 0.7.1 (build: release, commit: 420be74) + container-apiserver commit: 420be748f18afc685d11987ac5118c928e174c19 + ``` + ## Start Development Run the development environment: diff --git a/package.json b/package.json index 7f4bda89b..b91b37b49 100644 --- a/package.json +++ b/package.json @@ -48,7 +48,8 @@ "snyk:iac:report": "snyk iac test iac/build/**/*.json --org=cellixjs --remote-repo-url=https://github.com/CellixJs/cellixjs --target-reference=main --target-name=cellixjs-iac --report", "analyze": "pnpm -r exec -- pnpm dlx @e18e/cli analyze", "prepare": "husky", - "edgescan:run": "docker run --tty --rm edgescan/cicd-integration:latest --api-token $ES_API_TOKEN --asset-id $ES_ASSET_ID --start-scan --max-risk-threshold 3 --wait --color" + "edgescan:agent": "docker run --tty --rm edgescan/cicd-integration:latest --api-token $ES_API_TOKEN --asset-id $ES_ASSET_ID --start-scan --max-risk-threshold 3 --wait --color", + "edgescan:dev": "container run --tty --rm --platform linux/amd64 edgescan/cicd-integration:latest --api-token $ES_API_TOKEN --asset-id 74096 --start-scan --max-risk-threshold 3 --wait --color" }, "devDependencies": { "@amiceli/vitest-cucumber": "^5.1.2", From 87826777a224ca40d11fdeb890c1bd024901a214 Mon Sep 17 00:00:00 2001 From: Nick Noce Date: Mon, 12 Jan 2026 15:57:23 -0500 Subject: [PATCH 2/8] chore: update react-router-dom to version 7.12.0 to address vulnerability and adjust knip.json to ignore additional binaries --- apps/ui-community/package.json | 8 ++-- knip.json | 2 +- packages/ocom/ui-components/package.json | 2 +- pnpm-lock.yaml | 51 ++++++++++++++++++++---- 4 files changed, 50 insertions(+), 13 deletions(-) diff --git a/apps/ui-community/package.json b/apps/ui-community/package.json index 1171f239a..229f2f7dc 100644 --- a/apps/ui-community/package.json +++ b/apps/ui-community/package.json @@ -4,9 +4,9 @@ "private": true, "type": "module", "scripts": { - "prebuild": "biome lint", - "build": "tsc --build && vite build", - "start": "vite", + "prebuild": "biome lint", + "build": "tsc --build && vite build", + "start": "vite", "lint": "biome lint", "preview": "vite preview", "test": "vitest run --silent --reporter=dot", @@ -30,7 +30,7 @@ "react": "^19.1.0", "react-dom": "^19.1.0", "react-oidc-context": "^3.3.0", - "react-router-dom": "^7.0.2" + "react-router-dom": "^7.12.0" }, "devDependencies": { "@cellix/typescript-config": "workspace:*", diff --git a/knip.json b/knip.json index 998e51308..53aed3022 100644 --- a/knip.json +++ b/knip.json @@ -79,5 +79,5 @@ "@graphql-typed-document-node/core", "ts-scope-trimmer-plugin" ], - "ignoreBinaries": ["func"] + "ignoreBinaries": ["func", "container"] } diff --git a/packages/ocom/ui-components/package.json b/packages/ocom/ui-components/package.json index 65f75481e..616ffca9a 100644 --- a/packages/ocom/ui-components/package.json +++ b/packages/ocom/ui-components/package.json @@ -33,7 +33,7 @@ "react": "^19.1.1", "react-dom": "^19.1.1", "react-oidc-context": "^3.3.0", - "react-router-dom": "^7.8.2" + "react-router-dom": "^7.12.0" }, "devDependencies": { "@cellix/typescript-config": "workspace:*", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 9f01c5734..5ab4649a0 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -288,8 +288,8 @@ importers: specifier: ^3.3.0 version: 3.3.0(oidc-client-ts@3.4.1)(react@19.2.0) react-router-dom: - specifier: ^7.0.2 - version: 7.9.6(react-dom@19.2.0(react@19.2.0))(react@19.2.0) + specifier: ^7.12.0 + version: 7.12.0(react-dom@19.2.0(react@19.2.0))(react@19.2.0) devDependencies: '@cellix/typescript-config': specifier: workspace:* @@ -1107,8 +1107,8 @@ importers: specifier: ^3.3.0 version: 3.3.0(oidc-client-ts@3.4.1)(react@19.2.0) react-router-dom: - specifier: ^7.8.2 - version: 7.9.6(react-dom@19.2.0(react@19.2.0))(react@19.2.0) + specifier: ^7.12.0 + version: 7.12.0(react-dom@19.2.0(react@19.2.0))(react@19.2.0) devDependencies: '@cellix/typescript-config': specifier: workspace:* @@ -2136,6 +2136,10 @@ packages: resolution: {integrity: sha512-Q/N6JNWvIvPnLDvjlE1OUBLPQHH6l3CltCEsHIujp45zQUSSh8K+gHnaEX45yAT1nyngnINhvWtzN+Nb9D8RAQ==} engines: {node: '>=6.9.0'} + '@babel/runtime@7.28.6': + resolution: {integrity: sha512-05WQkdpL9COIMz4LjTxGpPNCdlpyimKppYNoJ5Di5EUObifl8t4tuLuUBBZEpoLYOmfvIWrsp9fCl0HoPRVTdA==} + engines: {node: '>=6.9.0'} + '@babel/template@7.27.2': resolution: {integrity: sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==} engines: {node: '>=6.9.0'} @@ -9662,6 +9666,13 @@ packages: peerDependencies: react: '>=15' + react-router-dom@7.12.0: + resolution: {integrity: sha512-pfO9fiBcpEfX4Tx+iTYKDtPbrSLLCbwJ5EqP+SPYQu1VYCXdy79GSj0wttR0U4cikVdlImZuEZ/9ZNCgoaxwBA==} + engines: {node: '>=20.0.0'} + peerDependencies: + react: '>=18' + react-dom: '>=18' + react-router-dom@7.9.6: resolution: {integrity: sha512-2MkC2XSXq6HjGcihnx1s0DBWQETI4mlis4Ux7YTLvP67xnGxCvq+BcCQSO81qQHVUTM1V53tl4iVVaY5sReCOA==} engines: {node: '>=20.0.0'} @@ -9674,6 +9685,16 @@ packages: peerDependencies: react: '>=15' + react-router@7.12.0: + resolution: {integrity: sha512-kTPDYPFzDVGIIGNLS5VJykK0HfHLY5MF3b+xj0/tTyNYL1gF1qs7u67Z9jEhQk2sQ98SUaHxlG31g1JtF7IfVw==} + engines: {node: '>=20.0.0'} + peerDependencies: + react: '>=18' + react-dom: '>=18' + peerDependenciesMeta: + react-dom: + optional: true + react-router@7.9.6: resolution: {integrity: sha512-Y1tUp8clYRXpfPITyuifmSoE2vncSME18uVLgaqyxh9H35JWpIfzHo+9y3Fzh5odk/jxPW29IgLgzcdwxGqyNA==} engines: {node: '>=20.0.0'} @@ -11877,7 +11898,7 @@ snapshots: dependencies: '@babel/generator': 7.28.5 '@babel/parser': 7.28.5 - '@babel/runtime': 7.28.4 + '@babel/runtime': 7.28.6 chalk: 4.1.2 fb-watchman: 2.0.2 graphql: 16.12.0 @@ -12866,6 +12887,8 @@ snapshots: '@babel/runtime@7.28.4': {} + '@babel/runtime@7.28.6': {} + '@babel/template@7.27.2': dependencies: '@babel/code-frame': 7.27.1 @@ -15888,7 +15911,7 @@ snapshots: '@slorber/react-helmet-async@1.3.0(react-dom@19.2.0(react@19.2.0))(react@19.2.0)': dependencies: - '@babel/runtime': 7.28.4 + '@babel/runtime': 7.28.6 invariant: 2.2.4 prop-types: 15.8.1 react: 19.2.0 @@ -22095,6 +22118,12 @@ snapshots: tiny-invariant: 1.3.3 tiny-warning: 1.0.3 + react-router-dom@7.12.0(react-dom@19.2.0(react@19.2.0))(react@19.2.0): + dependencies: + react: 19.2.0 + react-dom: 19.2.0(react@19.2.0) + react-router: 7.12.0(react-dom@19.2.0(react@19.2.0))(react@19.2.0) + react-router-dom@7.9.6(react-dom@19.2.0(react@19.2.0))(react@19.2.0): dependencies: react: 19.2.0 @@ -22114,6 +22143,14 @@ snapshots: tiny-invariant: 1.3.3 tiny-warning: 1.0.3 + react-router@7.12.0(react-dom@19.2.0(react@19.2.0))(react@19.2.0): + dependencies: + cookie: 1.1.1 + react: 19.2.0 + set-cookie-parser: 2.7.2 + optionalDependencies: + react-dom: 19.2.0(react@19.2.0) + react-router@7.9.6(react-dom@19.2.0(react@19.2.0))(react@19.2.0): dependencies: cookie: 1.1.1 @@ -22297,7 +22334,7 @@ snapshots: relay-runtime@12.0.0: dependencies: - '@babel/runtime': 7.28.4 + '@babel/runtime': 7.28.6 fbjs: 3.0.5 invariant: 2.2.4 transitivePeerDependencies: From fb66c0c6affb684c03bb9cbf563396acae79650f Mon Sep 17 00:00:00 2001 From: Nick Noce Date: Mon, 12 Jan 2026 16:08:04 -0500 Subject: [PATCH 3/8] docs: remove container-apiserver commit hash in the introduction flagged as potential security risk by sourcery --- apps/docs/docs/intro.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/docs/docs/intro.md b/apps/docs/docs/intro.md index ea3e26482..bd5537de5 100644 --- a/apps/docs/docs/intro.md +++ b/apps/docs/docs/intro.md @@ -126,7 +126,7 @@ This is a one-time setup and is a requirement for the `edgescan:dev` script. application data root: /Users//Library/Application Support/com.apple.container/ application install root: /usr/local/ container-apiserver version: container-apiserver version 0.7.1 (build: release, commit: 420be74) - container-apiserver commit: 420be748f18afc685d11987ac5118c928e174c19 + container-apiserver commit: ... ``` ## Start Development From 8c7ba16c17d34b2442338cba62cca1343d873cb9 Mon Sep 17 00:00:00 2001 From: Nick Noce Date: Mon, 12 Jan 2026 16:15:06 -0500 Subject: [PATCH 4/8] docs: update local setup instructions for EdgeScan integration on macOS --- apps/docs/docs/intro.md | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/apps/docs/docs/intro.md b/apps/docs/docs/intro.md index bd5537de5..1e0a3a91c 100644 --- a/apps/docs/docs/intro.md +++ b/apps/docs/docs/intro.md @@ -104,9 +104,13 @@ pnpm run snyk:iac # IaC - scan Bicep templates for misconfigurations > **Note**: Only use the npm scripts listed above. Other Snyk scripts (`snyk:monitor`, `snyk:code:report`) are reserved for CI/CD pipeline use only. -## Apple Native Containers Setup +## Local EdgeScan Setup -This is a one-time setup and is a requirement for the `edgescan:dev` script. +This setup is required for the `edgescan:dev` script. + +### 1. Apple Native Containers + +This is a one-time setup for macOS developers. 1. Download the `container-installer-signed.pkg` from the [Apple Native Containers releases](https://github.com/apple/container/releases). 2. Run the installer. @@ -125,10 +129,19 @@ This is a one-time setup and is a requirement for the `edgescan:dev` script. apiserver is running application data root: /Users//Library/Application Support/com.apple.container/ application install root: /usr/local/ - container-apiserver version: container-apiserver version 0.7.1 (build: release, commit: 420be74) + container-apiserver version: container-apiserver version 0.7.1 ... container-apiserver commit: ... ``` +### 2. EdgeScan API Token + +1. Login to [intealth.edgescan.com](https://intealth.edgescan.com). +2. Go to your **Profile Settings** and generate an API token for your account. +3. Export the token in your terminal (consider adding this to your `~/.zshrc` or `~/.bashrc`): + ```bash + export ES_API_TOKEN="" + ``` + ## Start Development Run the development environment: From 3ebab03b9a840af2de05474b5855649a18e3f163 Mon Sep 17 00:00:00 2001 From: Nick Noce Date: Tue, 13 Jan 2026 09:22:26 -0500 Subject: [PATCH 5/8] docs: enhance EdgeScan setup instructions and clarify usage for local security validation --- apps/docs/docs/intro.md | 15 ++++++++++----- apps/ui-community/package.json | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/apps/docs/docs/intro.md b/apps/docs/docs/intro.md index 1e0a3a91c..5d2999b3e 100644 --- a/apps/docs/docs/intro.md +++ b/apps/docs/docs/intro.md @@ -106,9 +106,17 @@ pnpm run snyk:iac # IaC - scan Bicep templates for misconfigurations ## Local EdgeScan Setup +EdgeScan is a **Dynamic Application Security Testing (DAST)** platform. Unlike Snyk or SonarCloud which analyze source code, EdgeScan scans **live, running applications** to provide deep security intelligence and continuous vulnerability profiling for our serverless architecture. + +**How to use:** +- Use `pnpm run edgescan:dev` to run local security validation scans. +- **DO NOT use** `edgescan:agent` - this script is strictly reserved for the **GitHub Copilot AI Coding Agent** and CI/CD automation. + +### Prerequisites + This setup is required for the `edgescan:dev` script. -### 1. Apple Native Containers +#### 1. Apple Native Containers This is a one-time setup for macOS developers. @@ -127,10 +135,7 @@ This is a one-time setup for macOS developers. ```text ❯ container system status apiserver is running - application data root: /Users//Library/Application Support/com.apple.container/ - application install root: /usr/local/ - container-apiserver version: container-apiserver version 0.7.1 ... - container-apiserver commit: ... + ... ``` ### 2. EdgeScan API Token diff --git a/apps/ui-community/package.json b/apps/ui-community/package.json index 229f2f7dc..02cc4e56f 100644 --- a/apps/ui-community/package.json +++ b/apps/ui-community/package.json @@ -4,16 +4,16 @@ "private": true, "type": "module", "scripts": { - "prebuild": "biome lint", - "build": "tsc --build && vite build", - "start": "vite", - "lint": "biome lint", - "preview": "vite preview", - "test": "vitest run --silent --reporter=dot", - "test:coverage": "vitest run --coverage --silent --reporter=dot", - "test:watch": "vitest", - "storybook": "storybook dev -p 6008", - "build-storybook": "storybook build" + "prebuild": "biome lint", + "build": "tsc --build && vite build", + "start": "vite", + "lint": "biome lint", + "preview": "vite preview", + "test": "vitest run --silent --reporter=dot", + "test:coverage": "vitest run --coverage --silent --reporter=dot", + "test:watch": "vitest", + "storybook": "storybook dev -p 6008", + "build-storybook": "storybook build" }, "dependencies": { "@ant-design/icons": "^6.0.2", From 50f98c1f69089fc6b43f8bb0f927426bbb3504c8 Mon Sep 17 00:00:00 2001 From: Nick Noce Date: Tue, 13 Jan 2026 09:37:19 -0500 Subject: [PATCH 6/8] style: format script section in package.json for consistency --- apps/ui-community/package.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/apps/ui-community/package.json b/apps/ui-community/package.json index 02cc4e56f..11917c86a 100644 --- a/apps/ui-community/package.json +++ b/apps/ui-community/package.json @@ -4,16 +4,16 @@ "private": true, "type": "module", "scripts": { - "prebuild": "biome lint", - "build": "tsc --build && vite build", - "start": "vite", - "lint": "biome lint", - "preview": "vite preview", - "test": "vitest run --silent --reporter=dot", - "test:coverage": "vitest run --coverage --silent --reporter=dot", - "test:watch": "vitest", - "storybook": "storybook dev -p 6008", - "build-storybook": "storybook build" + "prebuild": "biome lint", + "build": "tsc --build && vite build", + "start": "vite", + "lint": "biome lint", + "preview": "vite preview", + "test": "vitest run --silent --reporter=dot", + "test:coverage": "vitest run --coverage --silent --reporter=dot", + "test:watch": "vitest", + "storybook": "storybook dev -p 6008", + "build-storybook": "storybook build" }, "dependencies": { "@ant-design/icons": "^6.0.2", From 1507588965f68ec022e9c44f65b0421fb2ba4eab Mon Sep 17 00:00:00 2001 From: Nick Noce Date: Tue, 13 Jan 2026 14:48:02 -0500 Subject: [PATCH 7/8] docs: improve clarity in EdgeScan setup instructions and correct minor grammatical errors --- apps/docs/docs/intro.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/docs/docs/intro.md b/apps/docs/docs/intro.md index 5d2999b3e..7e63a10f4 100644 --- a/apps/docs/docs/intro.md +++ b/apps/docs/docs/intro.md @@ -106,7 +106,7 @@ pnpm run snyk:iac # IaC - scan Bicep templates for misconfigurations ## Local EdgeScan Setup -EdgeScan is a **Dynamic Application Security Testing (DAST)** platform. Unlike Snyk or SonarCloud which analyze source code, EdgeScan scans **live, running applications** to provide deep security intelligence and continuous vulnerability profiling for our serverless architecture. +EdgeScan is a **Dynamic Application Security Testing (DAST)** platform. Unlike Snyk or SonarCloud, which analyze source code, EdgeScan scans **live, running applications** to provide deep security intelligence and continuous vulnerability profiling for our serverless architecture. **How to use:** - Use `pnpm run edgescan:dev` to run local security validation scans. @@ -138,9 +138,9 @@ This is a one-time setup for macOS developers. ... ``` -### 2. EdgeScan API Token +#### 2. EdgeScan API Token -1. Login to [intealth.edgescan.com](https://intealth.edgescan.com). +1. Log in to [intealth.edgescan.com](https://intealth.edgescan.com). 2. Go to your **Profile Settings** and generate an API token for your account. 3. Export the token in your terminal (consider adding this to your `~/.zshrc` or `~/.bashrc`): ```bash From c20e393191a447f7a7bf20766794cdbc4614a43e Mon Sep 17 00:00:00 2001 From: Nick Noce Date: Tue, 27 Jan 2026 14:24:38 -0500 Subject: [PATCH 8/8] fix: update EdgeScan stage conditions to test on PR run and fix cache key format bug --- build-pipeline/core/monorepo-build-stage.yml | 12 ++++++------ build-pipeline/core/monorepo-deployment-stage.yml | 2 +- build-pipeline/core/monorepo-edgescan-stage.yml | 7 ++----- 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/build-pipeline/core/monorepo-build-stage.yml b/build-pipeline/core/monorepo-build-stage.yml index c972c790a..9e9e5fe72 100644 --- a/build-pipeline/core/monorepo-build-stage.yml +++ b/build-pipeline/core/monorepo-build-stage.yml @@ -434,7 +434,7 @@ stages: # Deploy API package with production dependencies - task: Bash@3 displayName: 'Artifact: Prepare API' - condition: and(succeeded(), eq(variables['BuildJob.HAS_BACKEND_CHANGES'], 'true'), ne(variables['Build.Reason'], 'PullRequest')) + condition: and(succeeded(), eq(variables['BuildJob.HAS_BACKEND_CHANGES'], 'true')) inputs: targetType: 'inline' script: | @@ -495,7 +495,7 @@ stages: # Package UI Community compiled assets into artifact - task: ArchiveFiles@2 displayName: 'Artifact: Prepare UI Community' - condition: and(succeeded(), eq(variables['BuildJob.HAS_FRONTEND_CHANGES'], 'true'), ne(variables['Build.Reason'], 'PullRequest')) + condition: and(succeeded(), eq(variables['BuildJob.HAS_FRONTEND_CHANGES'], 'true')) inputs: rootFolderOrFile: 'apps/ui-community/dist' includeRootFolder: false @@ -506,7 +506,7 @@ stages: # Package Docs compiled assets into artifact - task: ArchiveFiles@2 displayName: 'Artifact: Prepare Docs' - condition: and(succeeded(), eq(variables['BuildJob.HAS_DOCS_CHANGES'], 'true'), ne(variables['Build.Reason'], 'PullRequest')) + condition: and(succeeded(), eq(variables['BuildJob.HAS_DOCS_CHANGES'], 'true')) inputs: rootFolderOrFile: 'apps/docs/build' includeRootFolder: false @@ -517,17 +517,17 @@ stages: # Upload API artifact as build result - publish: $(Build.ArtifactStagingDirectory)/api-$(Build.BuildId).zip displayName: 'Artifact: Publish API' - condition: and(succeeded(), eq(variables['BuildJob.HAS_BACKEND_CHANGES'], 'true'), ne(variables['Build.Reason'], 'PullRequest')) + condition: and(succeeded(), eq(variables['BuildJob.HAS_BACKEND_CHANGES'], 'true')) artifact: api # Upload UI Community artifact as build result - publish: $(Build.ArtifactStagingDirectory)/ui-community-$(Build.BuildId).zip displayName: 'Artifact: Publish UI Community' - condition: and(succeeded(), eq(variables['BuildJob.HAS_FRONTEND_CHANGES'], 'true'), ne(variables['Build.Reason'], 'PullRequest')) + condition: and(succeeded(), eq(variables['BuildJob.HAS_FRONTEND_CHANGES'], 'true')) artifact: ui-community # Upload Docs artifact as build result - publish: $(Build.ArtifactStagingDirectory)/docs-$(Build.BuildId).zip displayName: 'Artifact: Publish Docs' - condition: and(succeeded(), eq(variables['BuildJob.HAS_DOCS_CHANGES'], 'true'), ne(variables['Build.Reason'], 'PullRequest')) + condition: and(succeeded(), eq(variables['BuildJob.HAS_DOCS_CHANGES'], 'true')) artifact: docs \ No newline at end of file diff --git a/build-pipeline/core/monorepo-deployment-stage.yml b/build-pipeline/core/monorepo-deployment-stage.yml index 937780a6b..46c0e1bda 100644 --- a/build-pipeline/core/monorepo-deployment-stage.yml +++ b/build-pipeline/core/monorepo-deployment-stage.yml @@ -33,7 +33,7 @@ stages: - stage: ${{parameters.stageName}} displayName: ${{parameters.stageName}} stage dependsOn: Build - condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest')) + condition: succeeded() jobs: - template: ../../apps/api/deploy-api.yml parameters: diff --git a/build-pipeline/core/monorepo-edgescan-stage.yml b/build-pipeline/core/monorepo-edgescan-stage.yml index d16e5b315..757fd625b 100644 --- a/build-pipeline/core/monorepo-edgescan-stage.yml +++ b/build-pipeline/core/monorepo-edgescan-stage.yml @@ -14,20 +14,17 @@ stages: - stage: ${{parameters.stageName}} displayName: 'EdgeScan Security Scan' dependsOn: ${{parameters.dependsOn}} - condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest')) + condition: succeeded() jobs: - job: EdgeScan displayName: 'EdgeScan CI/CD Integration' - variables: - # Generates a monthly key like "2026-01" to ensure the image is refreshed monthly - cacheMonth: $[format('{0:yyyy-MM}', pipeline.startTime)] pool: vmImage: ${{parameters.vmImageName}} steps: - task: Cache@2 displayName: 'Cache EdgeScan Docker Image' inputs: - key: 'docker | edgescan | latest | $(cacheMonth)' + key: 'docker | edgescan | latest' path: $(Pipeline.Workspace)/docker-cache cacheHitVar: DOCKER_CACHE_HIT