[BuildCheck] Add BuildCheck run notifications to msbuild output

Open rokonec opened this issue 1 year ago • 2 comments

Add BuildCheck run notifications to msbuild output, even if no checks failed. Include the package name in the output so it can be tracked in case of a malicious package.

This is a recommendation from our security leaders. This shall increase discoverability and awareness of which BuildCheck packages have run during the build, so the user can easily detect abnormal or unexpected behavior.

@baronfel We have to design how to align this request with the terminal logger's minimal verbosity model. The reasoning was that since BuildCheck from the CLI will be opt-in (mostly by CLI argument) and, from a practical point of view, rare, we can afford to include this in the summary, provided some BuildCheck has actually run.

rokonec, May 15 '24 11:05

The message priority has to be set to "normal" at most and be visible in -diag verbosity mode.

YuliiaKovalova, Jun 05 '24 14:06

Constraints that I'd like:

  • we should log this data to binlogs unconditionally
  • we should not log this data to the Terminal Logger output by default
  • we should log this data to the Terminal Logger output when a -diag verbosity is specified

baronfel, Jun 11 '24 14:06