From 19299d2749e74f71793478a03b2a0189dd630c4a Mon Sep 17 00:00:00 2001
From: zanejohnson-azure
Date: Fri, 13 Jun 2025 11:27:42 -0700
Subject: [PATCH 1/4] guardian fix
---
.gdn/.gdnsuppress | 25 --------
.pipelines/azure_pipeline_mergedbranches.yaml | 16 +----
guardian/SDL/gdnsuppress | 64 +++++++++++++++++++
3 files changed, 67 insertions(+), 38 deletions(-)
delete mode 100644 .gdn/.gdnsuppress
create mode 100644 guardian/SDL/gdnsuppress
diff --git a/.gdn/.gdnsuppress b/.gdn/.gdnsuppress
deleted file mode 100644
index ba63410dc..000000000
--- a/.gdn/.gdnsuppress
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "tool": "credscan",
- "suppressions": [
- {
- "file": "scripts/troubleshoot/TroubleshootError.ps1",
- "line": 935,
- "justification": "general kubectl command to get cres for troubleshooting"
- },
- {
- "file": "scripts/troubleshoot/TroubleshootError_nonAzureK8s.ps1",
- "line": 452,
- "justification": "general kubectl command to get creds for troubleshooting"
- },
- {
- "file": "test/testkube/helm-testkube-values.yaml",
- "line": 506,
- "justification": "a configuration key name, not a secret"
- },
- {
- "file": "test/testkube/helm-testkube-values.yaml",
- "line": 687,
- "justification": "used for ci testing clusters, not public accessible"
- }
- ]
-}
\ No newline at end of file
diff --git a/.pipelines/azure_pipeline_mergedbranches.yaml b/.pipelines/azure_pipeline_mergedbranches.yaml
index 8cdf501b9..ed3e4506f 100644
--- a/.pipelines/azure_pipeline_mergedbranches.yaml
+++ b/.pipelines/azure_pipeline_mergedbranches.yaml
@@ -39,6 +39,9 @@ extends:
 name: Azure-Pipelines-CI-Test-EO
 image: ci-1es-managed-windows-2022
 os: windows
+ suppression:
+ suppressionFile: $(Build.SourcesDirectory)\guardian\SDL\.gdnsuppress
+
 customBuildTags:
 - ES365AIMigrationTooling
 stages:
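Review bot: `suppressionFile` names `guardian\SDL\.gdnsuppress`, but the file this commit creates is `guardian/SDL/gdnsuppress` without the leading dot, so at this commit the configured path matches nothing in the tree; the two names only agree after the rename in PATCH 3/4. What the scan does when the suppression file is missing is not visible here, so this intermediate commit may run with different credscan results than intended. A comment on the key would keep the two from drifting again: `# path must match the committed suppression file exactly, including the leading dot`. The indentation of the added keys is lost on this page, so their nesting relative to the pool settings cannot be checked from the hunk.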
@@ -58,19 +61,6 @@ extends:
 targetPath: '$(Build.ArtifactStagingDirectory)'
 artifactName: drop
 steps:
- - bash: |
- echo "Current directory: $(pwd)"
- echo "Contents of .gdn directory:"
- find . -name ".gdnsuppress" -type f
- ls -la .gdn/ || echo ".gdn directory not found"
- echo "Build.SourcesDirectory: $(Build.SourcesDirectory)"
- echo "System.DefaultWorkingDirectory: $(System.DefaultWorkingDirectory)"
- echo "Copying Guardian suppression file to workspace root..."
- mkdir -p /mnt/vss/_work/1/.gdn
- cp .gdn/.gdnsuppress /mnt/vss/_work/1/.gdn/.gdnsuppress
- echo "Verification - suppression file copied:"
- ls -la /mnt/vss/_work/1/.gdn/
- displayName: 'copy over Guardian suppression file'
 - task: ComponentGovernanceComponentDetection@0
 - bash: |
 commit=$(git describe)
diff --git a/guardian/SDL/gdnsuppress b/guardian/SDL/gdnsuppress
new file mode 100644
index 000000000..bf8494342
--- /dev/null
+++ b/guardian/SDL/gdnsuppress
@@ -0,0 +1,64 @@
+{
+ "hydrated": true,
+ "properties": {
+ "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/suppressions"
+ },
+ "version": "1.0.0",
+ "suppressionSets": {
+ "default": {
+ "name": "default",
+ "createdDate": "2025-06-11 21:49:35Z",
+ "lastUpdatedDate": "2025-06-11 21:49:35Z"
+ }
+ },
+ "results": {
+ "d7b5848a2ae854218463e08d9f4a5f1af219efd2318303f0e2809a19c32ce23f": {
+ "signature": "d7b5848a2ae854218463e08d9f4a5f1af219efd2318303f0e2809a19c32ce23f",
+ "alternativeSignatures": [],
+ "target": "scripts/troubleshoot/TroubleshootError.ps1",
+ "line": 935,
+ "memberOf": [
+ "default"
+ ],
+ "tool": "credscan",
+ "ruleId": "CSCAN-GENERAL0060",
+ "createdDate": "2025-06-11 21:49:35Z"
+ },
+ "64ea9fed7769d951c48c06c4e7b75263a9524b1c201368536a7a0e3a414aa4ab": {
+ "signature": "64ea9fed7769d951c48c06c4e7b75263a9524b1c201368536a7a0e3a414aa4ab",
+ "alternativeSignatures": [],
+ "target": "scripts/troubleshoot/TroubleshootError_nonAzureK8s.ps1",
+ "line": 452,
+ "memberOf": [
+ "default"
+ ],
+ "tool": "credscan",
+ "ruleId": "CSCAN-GENERAL0060",
+ "createdDate": "2025-06-11 21:49:35Z"
+ },
+ "8be214bf6f5d10a2ef39860ea5377f78c060e33eccbd4772982e373aec36f16a": {
+ "signature": "8be214bf6f5d10a2ef39860ea5377f78c060e33eccbd4772982e373aec36f16a",
+ "alternativeSignatures": [],
+ "target": "test/testkube/helm-testkube-values.yaml",
+ "line": 506,
+ "memberOf": [
+ "default"
+ ],
+ "tool": "credscan",
+ "ruleId": "CSCAN-GENERAL0060",
+ "createdDate": "2025-06-11 21:49:35Z"
+ },
+ "c0fca0f0214bc1300d3f3754bc97b4da3a2abd024179334879dd93c7b3d208a1": {
+ "signature": "c0fca0f0214bc1300d3f3754bc97b4da3a2abd024179334879dd93c7b3d208a1",
+ "alternativeSignatures": [],
+ "target": "test/testkube/helm-testkube-values.yaml",
+ "line": 687,
+ "memberOf": [
+ "default"
+ ],
+ "tool": "credscan",
+ "ruleId": "CSCAN-GENERAL0060",
+ "createdDate": "2025-06-11 21:49:35Z"
+ }
+ }
+}
\ No newline at end of file
From 9854f7c661ac3f51c121e38085acb42c5b6c78b9 Mon Sep 17 00:00:00 2001
From: zanejohnson-azure
Date: Fri, 13 Jun 2025 11:30:55 -0700
Subject: [PATCH 2/4] remove blank line
---
.pipelines/azure_pipeline_mergedbranches.yaml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.pipelines/azure_pipeline_mergedbranches.yaml b/.pipelines/azure_pipeline_mergedbranches.yaml
index ed3e4506f..5741c28e1 100644
--- a/.pipelines/azure_pipeline_mergedbranches.yaml
+++ b/.pipelines/azure_pipeline_mergedbranches.yaml
@@ -41,7 +41,6 @@ extends:
 os: windows
 suppression:
 suppressionFile: $(Build.SourcesDirectory)\guardian\SDL\.gdnsuppress
-
 customBuildTags:
 - ES365AIMigrationTooling
 stages:
From 8d434a7e9eb015a0dfa147e37f6b4bf8e4e32494 Mon Sep 17 00:00:00 2001
From: zanejohnson-azure
Date: Fri, 13 Jun 2025 13:18:35 -0700
Subject: [PATCH 3/4] rename gdnsuppress
---
guardian/SDL/{gdnsuppress => .gdnsuppress} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename guardian/SDL/{gdnsuppress => .gdnsuppress} (100%)
diff --git a/guardian/SDL/gdnsuppress b/guardian/SDL/.gdnsuppress
similarity index 100%
rename from guardian/SDL/gdnsuppress
rename to guardian/SDL/.gdnsuppress
From 9775af98b840f3c9ddd4e9288ffa9a5242def000 Mon Sep 17 00:00:00 2001
From: zanejohnson-azure
Date: Fri, 13 Jun 2025 13:42:05 -0700
Subject: [PATCH 4/4] remove all
---
.pipelines/azure_pipeline_mergedbranches.yaml | 2 -
guardian/SDL/.gdnsuppress | 64 -------------------
2 files changed, 66 deletions(-)
delete mode 100644 guardian/SDL/.gdnsuppress
diff --git a/.pipelines/azure_pipeline_mergedbranches.yaml b/.pipelines/azure_pipeline_mergedbranches.yaml
index 5741c28e1..8ac2d7b31 100644
--- a/.pipelines/azure_pipeline_mergedbranches.yaml
+++ b/.pipelines/azure_pipeline_mergedbranches.yaml
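Review bot: The four entries under `results` in the new `guardian/SDL/gdnsuppress` (PATCH 1/4) suppress the same credscan findings as the deleted `.gdn/.gdnsuppress` but drop the `justification` text each one carried, so the file no longer records why a flagged line is safe to ignore. That matters most for `test/testkube/helm-testkube-values.yaml` line 687, whose old reason ("used for ci testing clusters, not public accessible") describes a value that is in use rather than a false positive. If the hydrated format accepts the field, carry the reason over per entry, e.g. `"justification": "a configuration key name, not a secret"` on the line-506 entry; otherwise record the reasons in the commit description so a later reviewer can re-check them.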
@@ -39,8 +39,6 @@ extends:
 name: Azure-Pipelines-CI-Test-EO
 image: ci-1es-managed-windows-2022
 os: windows
- suppression:
- suppressionFile: $(Build.SourcesDirectory)\guardian\SDL\.gdnsuppress
 customBuildTags:
 - ES365AIMigrationTooling
 stages:
diff --git a/guardian/SDL/.gdnsuppress b/guardian/SDL/.gdnsuppress
deleted file mode 100644
index bf8494342..000000000
--- a/guardian/SDL/.gdnsuppress
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "hydrated": true,
- "properties": {
- "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/suppressions"
- },
- "version": "1.0.0",
- "suppressionSets": {
- "default": {
- "name": "default",
- "createdDate": "2025-06-11 21:49:35Z",
- "lastUpdatedDate": "2025-06-11 21:49:35Z"
- }
- },
- "results": {
- "d7b5848a2ae854218463e08d9f4a5f1af219efd2318303f0e2809a19c32ce23f": {
- "signature": "d7b5848a2ae854218463e08d9f4a5f1af219efd2318303f0e2809a19c32ce23f",
- "alternativeSignatures": [],
- "target": "scripts/troubleshoot/TroubleshootError.ps1",
- "line": 935,
- "memberOf": [
- "default"
- ],
- "tool": "credscan",
- "ruleId": "CSCAN-GENERAL0060",
- "createdDate": "2025-06-11 21:49:35Z"
- },
- "64ea9fed7769d951c48c06c4e7b75263a9524b1c201368536a7a0e3a414aa4ab": {
- "signature": "64ea9fed7769d951c48c06c4e7b75263a9524b1c201368536a7a0e3a414aa4ab",
- "alternativeSignatures": [],
- "target": "scripts/troubleshoot/TroubleshootError_nonAzureK8s.ps1",
- "line": 452,
- "memberOf": [
- "default"
- ],
- "tool": "credscan",
- "ruleId": "CSCAN-GENERAL0060",
- "createdDate": "2025-06-11 21:49:35Z"
- },
- "8be214bf6f5d10a2ef39860ea5377f78c060e33eccbd4772982e373aec36f16a": {
- "signature": "8be214bf6f5d10a2ef39860ea5377f78c060e33eccbd4772982e373aec36f16a",
- "alternativeSignatures": [],
- "target": "test/testkube/helm-testkube-values.yaml",
- "line": 506,
- "memberOf": [
- "default"
- ],
- "tool": "credscan",
- "ruleId": "CSCAN-GENERAL0060",
- "createdDate": "2025-06-11 21:49:35Z"
- },
- "c0fca0f0214bc1300d3f3754bc97b4da3a2abd024179334879dd93c7b3d208a1": {
- "signature": "c0fca0f0214bc1300d3f3754bc97b4da3a2abd024179334879dd93c7b3d208a1",
- "alternativeSignatures": [],
- "target": "test/testkube/helm-testkube-values.yaml",
- "line": 687,
- "memberOf": [
- "default"
- ],
- "tool": "credscan",
- "ruleId": "CSCAN-GENERAL0060",
- "createdDate": "2025-06-11 21:49:35Z"
- }
- }
-}
\ No newline at end of file