From 976ea63141d83ca387833269c06a71a1bde3ca37 Mon Sep 17 00:00:00 2001
From: William Lyles <26171886+wilyle@users.noreply.github.com>
Date: Fri, 29 Sep 2023 14:07:16 -0700
Subject: [PATCH 1/2] add cs security audit step

---
 .github/workflows/security-audit.yml | 39 +++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml
index 09d029f..e276376 100644
--- a/.github/workflows/security-audit.yml
+++ b/.github/workflows/security-audit.yml
@@ -24,4 +24,41 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
           command: audit
-          args: --deny warnings
\ No newline at end of file
+          args: --deny warnings
+
+  security_audit_csharp:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'csharp' ]
+    steps:
+      - name: Checkout repository and submodules
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+      - name: Install .NET 6.0.119
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: 6.0.119
+          global-json-file: cloud_connectors/azure/digital_twins_connector/global.json
+      - name: Cache NuGet dependencies
+        uses: actions/cache@v3
+        with:
+          path: ~/.nuget/packages
+          # Look to see if there is a cache hit for the corresponding requirements file
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-nuget
+      - name: Check .NET version
+        run: dotnet --info
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+      - name: Build Digital Twins Connector
+        run: ./cloud_connectors/azure/digital_twins_connector/build.sh
+      - name: Build MQTT Connector's Azure Function
+        run: dotnet build cloud_connectors/azure/mqtt_connector/azure_function/src/function.csproj
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
\ No newline at end of file

From 0666ccee3d76f406c082f7dba5d1149f472925c2 Mon Sep 17 00:00:00 2001
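Review bot: The new `security_audit_csharp` job declares no `permissions:` block, so its `GITHUB_TOKEN` inherits whatever the repository default is; `github/codeql-action/analyze@v2` is documented as needing `security-events: write` to upload results, so if the default is read-only the upload step fails, and if the default is write-all the job runs with far more than it needs. I'd add, directly under `runs-on: ubuntu-latest`, `permissions:` / `contents: read` / `security-events: write` (whether the `Cache NuGet dependencies` step additionally needs `actions: write` depends on the repo's cache settings, which I can't see here). The five new actions are referenced by floating major tags (`@v3`, `@v2`), matching the existing `actions-rs/cargo@v1` but leaving this job exposed to a moved or compromised tag; pinning each to a full commit SHA with the tag in a trailing comment would close that. The `Checkout repository and submodules` step also pulls `submodules: recursive` and then executes `./cloud_connectors/azure/digital_twins_connector/build.sh` from the checkout, which is fine for the read-only token of a `push`/`pull_request` run but would be worth re-checking if the `on:` triggers (outside this hunk) ever include `pull_request_target`. Finally, the comment above the cache key still says `requirements file`, which looks carried over from a Python template — `# Restore the NuGet cache keyed on the committed packages.lock.json files` would describe what `hashFiles('**/packages.lock.json')` actually does.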
From: William Lyles <26171886+wilyle@users.noreply.github.com>
Date: Fri, 29 Sep 2023 14:11:51 -0700
Subject: [PATCH 2/2] fix policy

---
 .github/workflows/security-audit.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml
index e276376..6a2e59e 100644
--- a/.github/workflows/security-audit.yml
+++ b/.github/workflows/security-audit.yml
@@ -7,6 +7,7 @@ on:
       - "**/Cargo.toml"
       - "**/Cargo.lock"
       - ".github/workflows/security-audit.yaml"
+      - "cloud_connectors/azure/**"
   schedule:
     - cron: "0 0 * * *" # once a day at midnight UTC
     # NB: that cron trigger on GH actions runs only on the default branch
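Review bot: The path filter that the new `cloud_connectors/azure/**` entry joins still lists `.github/workflows/security-audit.yaml`, but the diff header shows this file is named `security-audit.yml`, so edits to the workflow itself — including both patches in this series — do not trigger the path-filtered run and will only be exercised by the daily cron, which the existing `# NB:` comment notes runs on the default branch alone. Changing that line to `- ".github/workflows/security-audit.yml"` makes the workflow self-testing on the branch where it is edited. I can't tell from this hunk whether the `paths:` list belongs to `push`, `pull_request`, or both, since the event key under `on:` is outside the hunk; if it is `push` only, the C# CodeQL job added in the sibling patch will not gate pull requests that touch `cloud_connectors/azure/**`, which is presumably the intent of adding the path.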