Fix warning in Courtesy Push Pipeline: CFS0011 due to missing NuGet.config files #21543
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
surajitshil-03
changed the title
Contributor
Author
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
surajitshil-03
requested review from
a team,
DergachevE and
tarunramsinghani
as code owners
Contributor
Author
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
Contributor
Author
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
…rosoft/azure-pipelines-tasks into users/surajitshil/fixCFS0011
Contributor
Author
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
sanjuyadav24
approved these changes
Dec 8, 2025
rishabhmalikMS
approved these changes
Dec 9, 2025
dassayantan24
approved these changes
Dec 9, 2025
Contributor
Author
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
This PR resolves CFS0011 compliance warnings in the courtesy push pipeline by adding required NuGet.config files for .NET projects in the repository. Component Framework Scanning (CFS) requires explicit package source declarations for all .csproj files to ensure security and compliance with Microsoft's open-source dependency policies.
Work-item: AB#2340256
Task: AB#2340257
Task Name
NA
Description
Added NuGet.config file at the root level of the repo so that all the .csproj files can use this config file during the CFS scan
Earlier we used to get warnings like this:
After adding the necessary files we don't get those CFS warnings:
Risk Assessment (Low / Medium / High)
Low
Change Behind Feature Flag (Yes / No)
No
This is a compliance/configuration fix required for the pipeline to pass CFS scanning.
Tech Design / Approach
Documentation Changes Required (Yes/No)
No
Unit Tests Added or Updated (Yes / No)
No
Additional Testing Performed
Tested locally as well as running the courtesy push pipeline in dryRun mode: https://dev.azure.com/mseng/AzureDevOps/_build/results?buildId=30798287&view=results
Logging Added/Updated (Yes/No)
No
Telemetry Added/Updated (Yes/No)
No
Rollback Scenario and Process (Yes/No)
Yes
Rollback: Simply revert this PR. The only impact would be CFS warnings returning (non-blocking for functionality).
Dependency Impact Assessed and Regression Tested (Yes/No)
NA
Checklist
NA