From 6a62adc8a761d07f97f37ce32639e2f543efd528 Mon Sep 17 00:00:00 2001
From: Ben Broderick Phillips
Date: Thu, 14 Dec 2023 14:07:53 -0500
Subject: [PATCH 1/2] Add selective component governance step
---
 eng/pipelines/templates/jobs/archetype-sdk-client.yml | 5 +++++
 eng/pipelines/templates/variables/globals.yml | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/eng/pipelines/templates/jobs/archetype-sdk-client.yml b/eng/pipelines/templates/jobs/archetype-sdk-client.yml
index 3acece95315f..7caf98b092a7 100644
--- a/eng/pipelines/templates/jobs/archetype-sdk-client.yml
+++ b/eng/pipelines/templates/jobs/archetype-sdk-client.yml
@@ -151,12 +151,17 @@ stages:
 Codeql.Enabled: true
 Codeql.BuildIdentifier: ${{ parameters.ServiceDirectory }}
 Codeql.SkipTaskAutoInjection: false
+ skipComponentGovernanceDetection: true
 pool:
 name: azsdk-pool-mms-ubuntu-2004-general
 steps:
 - template: /eng/common/pipelines/templates/steps/check-spelling.yml
+ - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
+ displayName: "Component Detection"
+ condition: and(succeededOrFailed(), ne(variables['Build.Reason'],'PullRequest'))
+
 - task: GoTool@0
 inputs:
 version: '1.21.0'
diff --git a/eng/pipelines/templates/variables/globals.yml b/eng/pipelines/templates/variables/globals.yml
index 77984cc5ffa7..e21cb3712dc8 100644
--- a/eng/pipelines/templates/variables/globals.yml
+++ b/eng/pipelines/templates/variables/globals.yml
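Review bot: The new Component Detection task is inserted before `- task: GoTool@0`, so when globals.yml sets `EnableGoCliScan: true` the Go detector runs with whatever `go` the agent image happens to provide rather than the pinned `1.21.0` the rest of the job builds with; if that detector shells out to the Go CLI (which the GoComponentDetector link in globals.yml suggests, but I cannot confirm from this hunk), the recorded module graph may not match what is actually built. Placing the task after the GoTool step, and ideally after the build steps so generated outputs are visible to the scan, would avoid that, with a comment such as `# Runs after GoTool so the CG Go detector sees the same toolchain as the build`. The `ne(variables['Build.Reason'],'PullRequest')` condition also means PR builds get no detection at all while the job-level `skipComponentGovernanceDetection: true` removes the injected one; a one-line comment stating that coverage comes from CI/scheduled runs, e.g. `# CG detection is skipped on PR builds; CI and scheduled builds provide coverage`, would save the next reader from assuming PRs are scanned. The enclosing Analyze job starts before this hunk.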
@@ -5,9 +5,12 @@ variables: # https://docs.opensource.microsoft.com/tools/cg/index.html # https://github.com/microsoft/component-detection/blob/main/src/Microsoft.ComponentDetection.Detectors/go/GoComponentDetector.cs EnableGoCliScan: true - + # Disable CodeQL injections except for where we specifically enable it Codeql.SkipTaskAutoInjection: true # Set the default value so that 'Build Performance Tests' step can resolve it UseAzcoreFromMain: $[eq(variables['Use.AzcoreFromMain'], 'true')] + + # We enable this selectively to avoid overloading CG scanning/reporting on PR pipelines + skipComponentGovernanceDetection: true From bdf9c912c95588c6ab575c9a936645974361b3f0 Mon Sep 17 00:00:00 2001 From: Ben Broderick Phillips Date: Thu, 14 Dec 2023 17:31:21 -0500 Subject: [PATCH 2/2] Use globals.yml in analyze job --- eng/pipelines/templates/jobs/archetype-sdk-client.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/eng/pipelines/templates/jobs/archetype-sdk-client.yml b/eng/pipelines/templates/jobs/archetype-sdk-client.yml index 7caf98b092a7..68aa62742813 100644 --- a/eng/pipelines/templates/jobs/archetype-sdk-client.yml +++ b/eng/pipelines/templates/jobs/archetype-sdk-client.yml @@ -148,10 +148,12 @@ stages: - job: Analyze displayName: Analyze variables: - Codeql.Enabled: true - Codeql.BuildIdentifier: ${{ parameters.ServiceDirectory }} - Codeql.SkipTaskAutoInjection: false - skipComponentGovernanceDetection: true + - name: Codeql.Enabled + value: true + - name: Codeql.BuildIdentifier + value: ${{ parameters.ServiceDirectory }} + - name: Codeql.SkipTaskAutoInjection + value: false pool: name: azsdk-pool-mms-ubuntu-2004-general
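Review bot: `skipComponentGovernanceDetection: true` in globals.yml turns off auto-injected CG detection for every pipeline that consumes this variables template, not only PR pipelines, so any CI or release job that relied on the injected task now has no detection unless it adds the explicit task as the Analyze job does. The comment above the variable only mentions PR pipelines and should state the wider effect, e.g. `# Auto-injected CG detection is off for every consumer of this template; jobs that need coverage add the ComponentGovernanceComponentDetection task explicitly (currently on non-PR builds only)`. The enclosing `variables:` mapping begins before this hunk.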
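Review bot: Dropping the job-level `skipComponentGovernanceDetection: true` makes this job depend on the global value from globals.yml being in scope, yet nothing in the hunk includes that template, and the commit title "Use globals.yml in analyze job" reads as if a `- template: /eng/pipelines/templates/variables/globals.yml` entry in the new variables list was intended. If globals.yml is only included at a level this job does not inherit from, the injected detection task returns and non-PR builds run detection twice, once injected and once from the explicit task. Switching to list-form variables is exactly what makes a template entry possible here, so adding `- template: /eng/pipelines/templates/variables/globals.yml` at the top of the list would make the intent explicit, or a comment on the `variables:` line should say where the global is expected to come from. The enclosing stage and job list begin before this hunk.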