From a8d14d83b668b14983aa7dd590730a3d38a35700 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Thu, 29 Jun 2017 12:40:08 -0500
Subject: [PATCH 01/37] Security build definitions.

---
 .../security/DotNet-CLI-Security-Windows.json | 587 ++++++++++++++++++
 build/buildpipeline/security/dir.props        |   4 +
 build/buildpipeline/security/pipeline.json    |  22 +
 build/buildpipeline/security/syncAzure.proj   |  20 +
 .../buildpipeline/security/syncAzure.targets  |  29 +
 5 files changed, 662 insertions(+)
 create mode 100644 build/buildpipeline/security/DotNet-CLI-Security-Windows.json
 create mode 100644 build/buildpipeline/security/dir.props
 create mode 100644 build/buildpipeline/security/pipeline.json
 create mode 100644 build/buildpipeline/security/syncAzure.proj
 create mode 100644 build/buildpipeline/security/syncAzure.targets

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
new file mode 100644
index 0000000000..75c42ddea1
--- /dev/null
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -0,0 +1,587 @@
+{
+  "build": [
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Run clean.cmd",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "filename": "clean.cmd",
+        "arguments": "-all",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "failOnStandardError": "false"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": false,
+      "alwaysRun": false,
+      "displayName": "Run init-tools.cmd",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "filename": "init-tools.cmd",
+        "arguments": "",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "failOnStandardError": "false"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": false,
+      "alwaysRun": false,
+      "displayName": "Download Packages",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "c6c4c611-aa2e-4a33-b606-5eaba2196824",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "solution": "$(Build.SourcesDirectory)\\buildpipeline\\security\\syncAzure.proj",
+        "msbuildLocationMethod": "version",
+        "msbuildVersion": "15.0",
+        "msbuildArchitecture": "x64",
+        "msbuildLocation": "",
+        "platform": "x64",
+        "configuration": "$(BuildConfiguration)",
+        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_BlobName)\" /verbosity:diag",
+        "clean": "false",
+        "maximumCpuCount": "false",
+        "restoreNugetPackages": "false",
+        "logProjectEvents": "false",
+        "createLogFile": "false"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Extract downloaded nupkgs",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$pkgDir = \"$SrcDir\\packages\\AzureTransfer\"\ngci \"$pkgDir\\*.nupkg\" | rename-item -newname { [io.path]::ChangeExtension($_.name, \"zip\") }\ngci \"$pkgDir\\*.zip\" | % {\n$dstDir = Join-Path \"$secDir\" $($_.BaseName)\nExpand-Archive -Path $($_.FullName) -DestinationPath \"$dstDir\" -Force\n}\n",
+        "failOnStandardError": "true"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": false,
+      "alwaysRun": false,
+      "displayName": "List all files",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
+        "failOnStandardError": "true"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Remove api-*, ucrtbase*, and files other than DLLs, PDBs and TXT",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$extList = \".dll\", \".pdb\", \".txt\"\ngci $secDir -Recurse | where { !$_.PSIsContainer } | % {\nif ($extList -inotcontains $_.Extension -or $_.BaseName -like \"api-*\" -or $_.BaseName -like \"ucrtbase*\")\n{\n    rm $_.FullName -Force\n    Write-Host \"Removed $($_.FullName)\"\n}\n}\n\n",
+        "failOnStandardError": "true"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Workaround for long path - DELETE files with path length greater than or equal to 240 characters",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$longPath = New-Object System.Collections.ArrayList\ngci \"$SrcDir\\*\" -recurse | where {!$_.PSIsContainer}  | % {\nif ($($_.FullName.Length) -ge 240)\n{\n$longPath.Add($($_.Directory.FullName)) | Out-Null\n}\n}\n$longPath | % {\nStart-Process \"cmd\" -ArgumentList \"/c rd /S /Q $_\" -Wait\nWrite-Host \"DELETED $_\"\n}\n",
+        "failOnStandardError": "true"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": false,
+      "alwaysRun": false,
+      "displayName": "List all files - post delete",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
+        "failOnStandardError": "true"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Run BinSkim ",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "3056813a-40e9-4b2f-8f6b-612d1bc4e045",
+        "versionSpec": "3.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "InputType": "CommandLine",
+        "arguments": "analyze security\\*.dll --recurse --sympath security\\*.pdb --verbose --statistics",
+        "Function": "analyze",
+        "AnalyzeTarget": "$(Build.ArtifactStagingDirectory)",
+        "AnalyzeSymPath": "",
+        "AnalyzeConfigPath": "default",
+        "AnalyzePluginPath": "",
+        "AnalyzeRecurse": "true",
+        "AnalyzeVerbose": "true",
+        "AnalyzeHashes": "true",
+        "AnalyzeStatistics": "false",
+        "AnalyzeEnvironment": "false",
+        "ExportRulesOutputType": "SARIF",
+        "DumpTarget": "$(Build.ArtifactStagingDirectory)",
+        "DumpRecurse": "true",
+        "DumpVerbose": "true",
+        "toolVersion": "Latest"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Run APIScan",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "9adea2b1-3752-438c-80c6-a6f0a812abdd",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "targetMode": "binarysym",
+        "softwareFolder": "$(Build.SourcesDirectory)\\security",
+        "mpdFolder": "",
+        "softwareName": "CLI",
+        "softwareVersionNum": "$(PB_BuildNumber)",
+        "softwareBuildNum": "$(PB_BuildNumber)",
+        "modeType": "prerelease",
+        "noCopySymbols": "false",
+        "noCopyBinaries": "false",
+        "noDecompress": "true",
+        "exclusionList": "",
+        "email": "",
+        "symbolsFolder": "$(Build.SourcesDirectory)\\security",
+        "preBbtBinariesFolder": "",
+        "preBbtSymbolsFolder": "",
+        "isLargeApp": "false",
+        "analyzerTimeout": "00:00:00",
+        "preserveTempFiles": "false",
+        "toolVersion": "Latest"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": false,
+      "alwaysRun": false,
+      "displayName": "git checkout",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "$(Build.SourcesDirectory) \"$(PB_Git)\"",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir, $git)\n$pkgExtPath= Join-Path \"$SrcDir\" \"security\"\ngci \"$pkgExtPath\\version.txt\" -Recurse | % { \n$sha = gc $_\nWrite-Host \"$sha\"\nif (-not [string]::IsNullOrWhiteSpace($sha))\n{\nStart-Process \"$git\" -ArgumentList \"checkout -- .\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\nbreak\n}\n}",
+        "failOnStandardError": "true"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Run CredScan",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "ea576cd4-c61f-48f8-97e7-a3cb07b90a6f",
+        "versionSpec": "2.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "outputFormat": "pre",
+        "toolVersion": "Latest",
+        "scanFolder": "$(Build.SourcesDirectory)",
+        "searchersFileType": "Default",
+        "searchersFile": "",
+        "suppressionsFile": "",
+        "suppressAsError": "false",
+        "batchSize": ""
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Run PoliCheck",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "d785890c-0d0d-46bd-8167-8fa9d49990c7",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "inputType": "Basic",
+        "cmdLineArgs": "/F:$(Build.SourcesDirectory) /T:9 /O:PoliCheck.xml",
+        "targetType": "F",
+        "targetArgument": "$(Build.SourcesDirectory)",
+        "importEx": "0",
+        "termTypeT": "0029a9",
+        "termTypeTCustom": "9",
+        "termTypeK": "",
+        "termTypeL": "",
+        "EXGT": "false",
+        "result": "PoliCheck.xml",
+        "optionsFC": "1",
+        "optionsXS": "1",
+        "optionsCTGLEN": "",
+        "optionsSEV": "",
+        "optionsPE": "",
+        "optionsHMENABLE": "",
+        "optionsHPATH": "",
+        "optionsHVER": "",
+        "optionsRulesDBPath": "",
+        "optionsRule": "",
+        "optionsXCLASS": "",
+        "optionsTASKNAME": "",
+        "optionsWORKINGDIRECTORY": "",
+        "optionsFTPATH": "",
+        "optionsD": "",
+        "optionsB1": "",
+        "optionsB2": "",
+        "optionsB3": "",
+        "optionsOCDB": "",
+        "toolVersion": "Latest"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Post Analysis",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "f5679091-e6da-4974-a8dc-0eec03a8ea63",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "APIScan": "true",
+        "BinScope": "false",
+        "BinSkim": "true",
+        "BinSkimBreakOn": "Error",
+        "CredScan": "true",
+        "FortifySCA": "false",
+        "FxCop": "false",
+        "FxCopBreakOn": "ErrorAbove",
+        "ModernCop": "false",
+        "ModernCopBreakOn": "Error",
+        "PoliCheck": "true",
+        "PoliCheckBreakOn": "Severity1",
+        "SDLNativeRules": "false"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Publish Security Analysis Logs",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "4096c760-3a8a-435d-9689-88c0311bbc0e",
+        "versionSpec": "2.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "ArtifactName": "CodeAnalysisLogs",
+        "ArtifactType": "Container",
+        "TargetPath": "\\\\my\\share\\$(Build.DefinitionName)\\$(Build.BuildNumber)",
+        "RvName": "",
+        "ProductComponentName": "",
+        "ProductVersionNumber": "",
+        "PlatformName": "",
+        "SDLToolName": "",
+        "SDLToolResultFile": ""
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "TSA upload to Codebase: DotNet-CLI-Trusted_$(CodeBase) Stamp: Azure",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "3da26988-bb64-4a23-8f06-45531d297dae",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "codebase": "NewOrUpdate",
+        "tsaStamp": "Azure",
+        "tsaWebApiUrl": "$(TSAStamp)",
+        "codeBaseName": "DotNet-CLI-Trusted_$(CodeBase)",
+        "notificationAlias": "$(NotificationAlias)",
+        "codeBaseAdmins": "NORTHAMERICA\\raeda",
+        "instanceUrlAzure": "MSAZURE",
+        "instanceUrlDevDiv": "DEVDIV",
+        "projectNameMSAZURE": "One",
+        "projectNameIDENTITYDIVISION": "",
+        "projectNameDEVDIV": "DevDiv",
+        "areaPath": "One\\DevDiv\\DotNetCore",
+        "iterationPath": "One",
+        "uploadAPIScan": "true",
+        "uploadBinScope": "false",
+        "uploadBinSkim": "true",
+        "uploadCredScan": "true",
+        "uploadFortifySCA": "false",
+        "uploadFxCop": "false",
+        "uploadModernCop": "false",
+        "uploadPoliCheck": "true",
+        "uploadPREfast": "false",
+        "validateToolOutput": "Warning",
+        "validateCompatibility": "Error",
+        "uploadAsync": "true"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Run clean.cmd",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "filename": "clean.cmd",
+        "arguments": "-all",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "failOnStandardError": "false"
+      }
+    }
+  ],
+    "options": [
+        {
+            "enabled": false,
+            "definition": {
+                "id": "5bc3cfb7-6b54-4a4b-b5d2-a3905949f8a6"
+            },
+            "inputs": {}
+        },
+        {
+            "enabled": false,
+            "definition": {
+                "id": "7c555368-ca64-4199-add6-9ebaf0b0137d"
+            },
+            "inputs": {
+                "multipliers": "[]",
+                "parallel": "false",
+                "continueOnError": "true",
+                "additionalFields": "{}"
+            }
+        },
+        {
+            "enabled": false,
+            "definition": {
+                "id": "a9db38f9-9fdc-478c-b0f9-464221e58316"
+            },
+            "inputs": {
+                "workItemType": "234347",
+                "assignToRequestor": "true",
+                "additionalFields": "{}"
+            }
+        },
+        {
+            "enabled": false,
+            "definition": {
+                "id": "57578776-4c22-4526-aeb0-86b6da17ee9c"
+            },
+            "inputs": {}
+        },
+        {
+            "enabled": false,
+            "definition": {
+                "id": "5d58cc01-7c75-450c-be18-a388ddb129ec"
+            },
+            "inputs": {
+                "branchFilters": "[\"+refs/heads/*\"]",
+                "additionalFields": "{}"
+            }
+        }
+    ],
+    "variables": {
+        "system.debug": {
+            "value": "false"
+        }
+    },
+    "demands": [
+        "Agent.OS -equals windows_nt",
+        "msbuild"
+    ],
+    "retentionRules": [
+        {
+            "branches": [
+                "+refs/heads/*"
+            ],
+            "artifacts": [
+                "build.SourceLabel"
+            ],
+            "artifactTypesToDelete": [],
+            "daysToKeep": 10,
+            "minimumToKeep": 1,
+            "deleteBuildRecord": true,
+            "deleteTestResults": true
+        }
+    ],
+    "_links": {
+        "self": {
+            "href": "https://devdiv.visualstudio.com/0bdbc590-a062-4c3f-b0f6-9383f67865ee/_apis/build/Definitions/6661"
+        },
+        "web": {
+            "href": "https://devdiv.visualstudio.com/_permalink/_build/index?collectionId=011b8bdf-6d56-4f87-be0d-0092136884d9&projectId=0bdbc590-a062-4c3f-b0f6-9383f67865ee&definitionId=6661"
+        },
+        "editor": {
+            "href": "https://devdiv.visualstudio.com/_permalink/_build/definitionEditor?collectionId=011b8bdf-6d56-4f87-be0d-0092136884d9&projectId=0bdbc590-a062-4c3f-b0f6-9383f67865ee&definitionId=6661"
+        },
+        "badge": {
+            "href": "https://devdiv.visualstudio.com/_apis/public/build/definitions/0bdbc590-a062-4c3f-b0f6-9383f67865ee/6661/badge"
+        }
+    },
+    "buildNumberFormat": "$(date:yyyyMMdd)$(rev:-rr)",
+    "jobAuthorizationScope": 1,
+    "jobTimeoutInMinutes": 600,
+    "jobCancelTimeoutInMinutes": 5,
+    "badgeEnabled": true,
+    "repository": {
+        "properties": {
+            "cleanOptions": "3",
+            "labelSources": "0",
+            "labelSourcesFormat": "$(build.buildNumber)",
+            "reportBuildStatus": "true",
+            "gitLfsSupport": "false",
+            "skipSyncSource": "false",
+            "checkoutNestedSubmodules": "false",
+            "fetchDepth": "0"
+        },
+    "id": "c19ea379-feb7-4ca5-8f7f-5f2b5095ea62",
+    "type": "TfsGit",
+    "name": "DotNet-Cli-Trusted",
+    "url": "https://devdiv.visualstudio.com/DevDiv/_git/DotNet-Cli-Trusted",
+    "defaultBranch": "refs/heads/master",
+    "clean": "true",
+    "checkoutSubmodules": false
+  },
+    "processParameters": {},
+    "quality": "definition",
+    "authoredBy": {
+        "id": "9d5fdf9f-36b6-4d0c-a12e-2737a673af94",
+        "displayName": "Ravi Eda",
+        "uniqueName": "raeda@microsoft.com",
+        "url": "https://app.vssps.visualstudio.com/Aa44b2c06-f247-425c-8464-4a0676af910a/_apis/Identities/9d5fdf9f-36b6-4d0c-a12e-2737a673af94",
+        "imageUrl": "https://devdiv.visualstudio.com/_api/_common/identityImage?id=9d5fdf9f-36b6-4d0c-a12e-2737a673af94"
+        },
+    "queue": {
+        "id": 36,
+        "name": "DotNet-Build",
+        "pool": {
+            "id": 39,
+            "name": "DotNet-Build"
+            }
+     },
+    "id": 6661,
+    "name": "DotNet-CLI-Security-Windows",
+    "url": "https://devdiv.visualstudio.com/0bdbc590-a062-4c3f-b0f6-9383f67865ee/_apis/build/Definitions/6661",
+    "uri": "vstfs:///Build/Definition/6661",
+    "path": "\\",
+    "type": 2,
+    "revision": 2,
+    "createdDate": "2017-06-21T21:58:12.397Z",
+    "project": {
+        "id": "0bdbc590-a062-4c3f-b0f6-9383f67865ee",
+        "name": "DevDiv",
+        "description": "Visual Studio and DevDiv team project for git source code repositories.  Work items will be added for Adams, Dev14 work items are tracked in vstfdevdiv.  ",
+        "url": "https://devdiv.visualstudio.com/_apis/projects/0bdbc590-a062-4c3f-b0f6-9383f67865ee",
+        "state": "wellFormed",
+        "revision": 418097676,
+        "visibility": 0
+        }
+}
diff --git a/build/buildpipeline/security/dir.props b/build/buildpipeline/security/dir.props
new file mode 100644
index 0000000000..f942eccbe6
--- /dev/null
+++ b/build/buildpipeline/security/dir.props
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="..\..\..\BuildTools\dir.props" />
+</Project>
diff --git a/build/buildpipeline/security/pipeline.json b/build/buildpipeline/security/pipeline.json
new file mode 100644
index 0000000000..dbac3626b0
--- /dev/null
+++ b/build/buildpipeline/security/pipeline.json
@@ -0,0 +1,22 @@
+{
+    "Repository": "cli",
+    "Definitions": {
+        "Path": ".",
+        "Type": "VSTS",
+        "BaseUrl": "https://devdiv.visualstudio.com/DefaultCollection",
+        "SkipBranchAndVersionOverrides": "false"
+    },
+    "Pipelines": [
+        {
+            "Name": "Security Build for Windows",
+            "Parameters": {
+                "TreatWarningsAsErrors": "false"
+            },
+            "Definitions": [
+                {
+                    "Name": "DotNet-CLI-Security-Windows"
+                }
+            ]
+        }
+    ]
+}
diff --git a/build/buildpipeline/security/syncAzure.proj b/build/buildpipeline/security/syncAzure.proj
new file mode 100644
index 0000000000..7eaa6ed490
--- /dev/null
+++ b/build/buildpipeline/security/syncAzure.proj
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.props))\dir.props" />
+
+  <PropertyGroup>
+    <ContainerName Condition="'$(ContainerName)' == ''">dotnet</ContainerName>
+    <DownloadDirectory>$(PackagesDir)AzureTransfer</DownloadDirectory>
+  </PropertyGroup>
+
+  <Import Project="syncAzure.targets" />
+
+  <Target Name="ValidateRequiredProperties">
+    <Error Condition="'$(AzureAccount)' == ''" Text="Missing property AzureAccount." />
+    <Error Condition="'$(AzureToken)' == ''" Text="Missing property AzureToken." />
+    <Error Condition="'$(ContainerName)' == ''" Text="Missing required property 'ContainerName'" />
+    <Error Condition="'$(BlobName)' == ''" Text="Missing required property 'BlobName'" />
+  </Target>
+
+  <Target Name="Build" DependsOnTargets="ValidateRequiredProperties;DownloadBlobsFromAzureTargets" />
+</Project>
diff --git a/build/buildpipeline/security/syncAzure.targets b/build/buildpipeline/security/syncAzure.targets
new file mode 100644
index 0000000000..a170c33b6b
--- /dev/null
+++ b/build/buildpipeline/security/syncAzure.targets
@@ -0,0 +1,29 @@
+<Project ToolsVersion="12.0" DefaultTargets="DownloadBlobsFromAzureTargets" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <UsingTask TaskName="DownloadFromAzure" AssemblyFile="$(BuildToolsTaskDir)Microsoft.DotNet.Build.CloudTestTasks.dll"/>
+  <UsingTask TaskName="ListAzureBlobs" AssemblyFile="$(BuildToolsTaskDir)Microsoft.DotNet.Build.CloudTestTasks.dll" />
+  <UsingTask TaskName="ListAzureContainers" AssemblyFile="$(BuildToolsTaskDir)Microsoft.DotNet.Build.CloudTestTasks.dll"/>
+
+  <PropertyGroup>
+    <DownloadDirectory Condition="'$(DownloadDirectory)' == ''">$(PackagesDir)/AzureTransfer</DownloadDirectory>
+  </PropertyGroup>
+
+  <Target Name="DownloadBlobsFromAzureTargets" Condition="'$(ContainerName)' != ''">
+    <ListAzureBlobs AccountName="$(AzureAccount)"
+                    AccountKey="$(AzureToken)"
+                    ContainerName="$(ContainerName)"
+                    FilterBlobNames="$(BlobName)">
+      <Output TaskParameter="BlobNames" ItemName="_BlobList" />
+    </ListAzureBlobs>
+
+    <ItemGroup>
+      <_CoreHostPackages Include="%(_BlobList.Identity)" Condition="'%(_BlobList.Extension)' == '.nupkg'" />
+    </ItemGroup>
+
+    <DownloadFromAzure AccountName="$(AzureAccount)"
+                        AccountKey="$(AzureToken)"
+                        ContainerName="$(ContainerName)"
+                        BlobNames="@(_CoreHostPackages)"
+                        BlobNamePrefix="$(BlobName)"
+                        DownloadDirectory="$(DownloadDirectory)" />
+  </Target>
+</Project>

From 0cc109d781ccbcd80516920e6273394045f12766 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Thu, 29 Jun 2017 13:00:40 -0500
Subject: [PATCH 02/37] Update path to dir.props.

---
 build/buildpipeline/security/dir.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/dir.props b/build/buildpipeline/security/dir.props
index f942eccbe6..66958dcd39 100644
--- a/build/buildpipeline/security/dir.props
+++ b/build/buildpipeline/security/dir.props
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="..\..\..\BuildTools\dir.props" />
+  <Import Project="..\..\..\..\BuildTools\dir.props" />
 </Project>

From f18ae3bee5473a466b343c0b2372227e5938f778 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Thu, 29 Jun 2017 14:11:33 -0500
Subject: [PATCH 03/37] Set path to CloudTestTasks

---
 build/buildpipeline/security/syncAzure.proj    | 1 +
 build/buildpipeline/security/syncAzure.targets | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/build/buildpipeline/security/syncAzure.proj b/build/buildpipeline/security/syncAzure.proj
index 7eaa6ed490..966c1c8f13 100644
--- a/build/buildpipeline/security/syncAzure.proj
+++ b/build/buildpipeline/security/syncAzure.proj
@@ -3,6 +3,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.props))\dir.props" />
 
   <PropertyGroup>
+    <CloudTestTasksPath>$(BaseOutputPath)\$(OSPlatformConfig)\Microsoft.DotNet.Build.CloudTestTasks</CloudTestTasksPath>
     <ContainerName Condition="'$(ContainerName)' == ''">dotnet</ContainerName>
     <DownloadDirectory>$(PackagesDir)AzureTransfer</DownloadDirectory>
   </PropertyGroup>
diff --git a/build/buildpipeline/security/syncAzure.targets b/build/buildpipeline/security/syncAzure.targets
index a170c33b6b..d49f6329f8 100644
--- a/build/buildpipeline/security/syncAzure.targets
+++ b/build/buildpipeline/security/syncAzure.targets
@@ -1,7 +1,7 @@
 <Project ToolsVersion="12.0" DefaultTargets="DownloadBlobsFromAzureTargets" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <UsingTask TaskName="DownloadFromAzure" AssemblyFile="$(BuildToolsTaskDir)Microsoft.DotNet.Build.CloudTestTasks.dll"/>
-  <UsingTask TaskName="ListAzureBlobs" AssemblyFile="$(BuildToolsTaskDir)Microsoft.DotNet.Build.CloudTestTasks.dll" />
-  <UsingTask TaskName="ListAzureContainers" AssemblyFile="$(BuildToolsTaskDir)Microsoft.DotNet.Build.CloudTestTasks.dll"/>
+  <UsingTask TaskName="DownloadFromAzure" AssemblyFile="$(CloudTestTasksPath)Microsoft.DotNet.Build.CloudTestTasks.dll"/>
+  <UsingTask TaskName="ListAzureBlobs" AssemblyFile="$(CloudTestTasksPath)Microsoft.DotNet.Build.CloudTestTasks.dll" />
+  <UsingTask TaskName="ListAzureContainers" AssemblyFile="$(CloudTestTasksPath)Microsoft.DotNet.Build.CloudTestTasks.dll"/>
 
   <PropertyGroup>
     <DownloadDirectory Condition="'$(DownloadDirectory)' == ''">$(PackagesDir)/AzureTransfer</DownloadDirectory>

From 486f510ea220dbf2f79f5e4c0a5fffb2f8933328 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Thu, 29 Jun 2017 15:09:16 -0500
Subject: [PATCH 04/37] Updated CloudTestTasksPath

---
 build/buildpipeline/security/syncAzure.proj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/syncAzure.proj b/build/buildpipeline/security/syncAzure.proj
index 966c1c8f13..3bc7c87f2a 100644
--- a/build/buildpipeline/security/syncAzure.proj
+++ b/build/buildpipeline/security/syncAzure.proj
@@ -3,7 +3,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.props))\dir.props" />
 
   <PropertyGroup>
-    <CloudTestTasksPath>$(BaseOutputPath)\$(OSPlatformConfig)\Microsoft.DotNet.Build.CloudTestTasks</CloudTestTasksPath>
+    <CloudTestTasksPath>$(BaseOutputPath)$(OSPlatformConfig)\Microsoft.DotNet.Build.CloudTestTasks</CloudTestTasksPath>
     <ContainerName Condition="'$(ContainerName)' == ''">dotnet</ContainerName>
     <DownloadDirectory>$(PackagesDir)AzureTransfer</DownloadDirectory>
   </PropertyGroup>

From 532857e786bc4624c68f397de57ab492fc717b41 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Thu, 29 Jun 2017 15:52:34 -0500
Subject: [PATCH 05/37] Update CloudTestTasksPath

---
 build/buildpipeline/security/syncAzure.proj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/syncAzure.proj b/build/buildpipeline/security/syncAzure.proj
index 3bc7c87f2a..0aa6b99241 100644
--- a/build/buildpipeline/security/syncAzure.proj
+++ b/build/buildpipeline/security/syncAzure.proj
@@ -3,7 +3,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.props))\dir.props" />
 
   <PropertyGroup>
-    <CloudTestTasksPath>$(BaseOutputPath)$(OSPlatformConfig)\Microsoft.DotNet.Build.CloudTestTasks</CloudTestTasksPath>
+    <CloudTestTasksPath>$(PackagesBasePath)\Microsoft.DotNet.Build.CloudTestTasks</CloudTestTasksPath>
     <ContainerName Condition="'$(ContainerName)' == ''">dotnet</ContainerName>
     <DownloadDirectory>$(PackagesDir)AzureTransfer</DownloadDirectory>
   </PropertyGroup>

From e09cee572d65a20c42f35de837b0bd70d02fed64 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Thu, 29 Jun 2017 16:35:47 -0500
Subject: [PATCH 06/37] Update CloudTestTasksPath.

---
 build/buildpipeline/security/syncAzure.proj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/syncAzure.proj b/build/buildpipeline/security/syncAzure.proj
index 0aa6b99241..ccd6858382 100644
--- a/build/buildpipeline/security/syncAzure.proj
+++ b/build/buildpipeline/security/syncAzure.proj
@@ -3,7 +3,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.props))\dir.props" />
 
   <PropertyGroup>
-    <CloudTestTasksPath>$(PackagesBasePath)\Microsoft.DotNet.Build.CloudTestTasks</CloudTestTasksPath>
+    <CloudTestTasksPath>$(BinDir)\AnyOS.AnyCPU.Debug\Microsoft.DotNet.Build.CloudTestTasks\Microsoft.DotNet.Build.CloudTestTasks</CloudTestTasksPath>
     <ContainerName Condition="'$(ContainerName)' == ''">dotnet</ContainerName>
     <DownloadDirectory>$(PackagesDir)AzureTransfer</DownloadDirectory>
   </PropertyGroup>

From 46bf99c888b6737688b5dcd8a03eefad39a8fad2 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Thu, 29 Jun 2017 17:09:40 -0500
Subject: [PATCH 07/37] Updated CloudTestTasksPath.

---
 build/buildpipeline/security/syncAzure.proj    | 2 +-
 build/buildpipeline/security/syncAzure.targets | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/build/buildpipeline/security/syncAzure.proj b/build/buildpipeline/security/syncAzure.proj
index ccd6858382..3315ce0107 100644
--- a/build/buildpipeline/security/syncAzure.proj
+++ b/build/buildpipeline/security/syncAzure.proj
@@ -3,7 +3,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.props))\dir.props" />
 
   <PropertyGroup>
-    <CloudTestTasksPath>$(BinDir)\AnyOS.AnyCPU.Debug\Microsoft.DotNet.Build.CloudTestTasks\Microsoft.DotNet.Build.CloudTestTasks</CloudTestTasksPath>
+    <CloudTestTasksPath>$(BinDir)\AnyOS.AnyCPU.Debug\Microsoft.DotNet.Build.CloudTestTasks\Microsoft.DotNet.Build.CloudTestTasks.dll</CloudTestTasksPath>
     <ContainerName Condition="'$(ContainerName)' == ''">dotnet</ContainerName>
     <DownloadDirectory>$(PackagesDir)AzureTransfer</DownloadDirectory>
   </PropertyGroup>
diff --git a/build/buildpipeline/security/syncAzure.targets b/build/buildpipeline/security/syncAzure.targets
index d49f6329f8..28a3503dd6 100644
--- a/build/buildpipeline/security/syncAzure.targets
+++ b/build/buildpipeline/security/syncAzure.targets
@@ -1,7 +1,7 @@
 <Project ToolsVersion="12.0" DefaultTargets="DownloadBlobsFromAzureTargets" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <UsingTask TaskName="DownloadFromAzure" AssemblyFile="$(CloudTestTasksPath)Microsoft.DotNet.Build.CloudTestTasks.dll"/>
-  <UsingTask TaskName="ListAzureBlobs" AssemblyFile="$(CloudTestTasksPath)Microsoft.DotNet.Build.CloudTestTasks.dll" />
-  <UsingTask TaskName="ListAzureContainers" AssemblyFile="$(CloudTestTasksPath)Microsoft.DotNet.Build.CloudTestTasks.dll"/>
+  <UsingTask TaskName="DownloadFromAzure" AssemblyFile="$(CloudTestTasksPath)"/>
+  <UsingTask TaskName="ListAzureBlobs" AssemblyFile="$(CloudTestTasksPath)" />
+  <UsingTask TaskName="ListAzureContainers" AssemblyFile="$(CloudTestTasksPath)"/>
 
   <PropertyGroup>
     <DownloadDirectory Condition="'$(DownloadDirectory)' == ''">$(PackagesDir)/AzureTransfer</DownloadDirectory>

From 44bcc9afd7b6da86ab35831ca4093c9e1fcd4b7e Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Thu, 29 Jun 2017 17:19:19 -0500
Subject: [PATCH 08/37] Try .net45.

---
 build/buildpipeline/security/syncAzure.proj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/syncAzure.proj b/build/buildpipeline/security/syncAzure.proj
index 3315ce0107..ec9febca43 100644
--- a/build/buildpipeline/security/syncAzure.proj
+++ b/build/buildpipeline/security/syncAzure.proj
@@ -3,7 +3,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.props))\dir.props" />
 
   <PropertyGroup>
-    <CloudTestTasksPath>$(BinDir)\AnyOS.AnyCPU.Debug\Microsoft.DotNet.Build.CloudTestTasks\Microsoft.DotNet.Build.CloudTestTasks.dll</CloudTestTasksPath>
+    <CloudTestTasksPath>$(BinDir)\AnyOS.AnyCPU.Debug\Microsoft.DotNet.Build.CloudTestTasks.net45\Microsoft.DotNet.Build.CloudTestTasks.dll</CloudTestTasksPath>
     <ContainerName Condition="'$(ContainerName)' == ''">dotnet</ContainerName>
     <DownloadDirectory>$(PackagesDir)AzureTransfer</DownloadDirectory>
   </PropertyGroup>

From 4ec5402204afcaf56a816346a2a986b3c9332ef3 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Thu, 29 Jun 2017 18:46:29 -0500
Subject: [PATCH 09/37] Update CloudTestTasksPath.

---
 build/buildpipeline/security/syncAzure.proj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/syncAzure.proj b/build/buildpipeline/security/syncAzure.proj
index ec9febca43..3b13454268 100644
--- a/build/buildpipeline/security/syncAzure.proj
+++ b/build/buildpipeline/security/syncAzure.proj
@@ -3,7 +3,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.props))\dir.props" />
 
   <PropertyGroup>
-    <CloudTestTasksPath>$(BinDir)\AnyOS.AnyCPU.Debug\Microsoft.DotNet.Build.CloudTestTasks.net45\Microsoft.DotNet.Build.CloudTestTasks.dll</CloudTestTasksPath>
+    <CloudTestTasksPath>$(BUILD_SOURCESDIRECTORY)\core-setup\Tools\Microsoft.DotNet.Build.CloudTestTasks.dll</CloudTestTasksPath>
     <ContainerName Condition="'$(ContainerName)' == ''">dotnet</ContainerName>
     <DownloadDirectory>$(PackagesDir)AzureTransfer</DownloadDirectory>
   </PropertyGroup>

From c4318bb44607d77a6fa967d50b0a53ce4aba3e8a Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Thu, 29 Jun 2017 18:47:37 -0500
Subject: [PATCH 10/37] Update dir.props.

---
 build/buildpipeline/security/dir.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/dir.props b/build/buildpipeline/security/dir.props
index 66958dcd39..d8060da6f9 100644
--- a/build/buildpipeline/security/dir.props
+++ b/build/buildpipeline/security/dir.props
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="..\..\..\..\BuildTools\dir.props" />
+  <Import Project="..\..\..\..\core-setup\dir.props" />
 </Project>

From b2248aaae7adf99145ed6c2955ed4a4a9af1a8cc Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Thu, 29 Jun 2017 18:51:56 -0500
Subject: [PATCH 11/37] Update to net46.

---
 build/buildpipeline/security/syncAzure.proj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/syncAzure.proj b/build/buildpipeline/security/syncAzure.proj
index 3b13454268..3fba402eb8 100644
--- a/build/buildpipeline/security/syncAzure.proj
+++ b/build/buildpipeline/security/syncAzure.proj
@@ -3,7 +3,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.props))\dir.props" />
 
   <PropertyGroup>
-    <CloudTestTasksPath>$(BUILD_SOURCESDIRECTORY)\core-setup\Tools\Microsoft.DotNet.Build.CloudTestTasks.dll</CloudTestTasksPath>
+    <CloudTestTasksPath>$(BUILD_SOURCESDIRECTORY)\core-setup\Tools\net46\Microsoft.DotNet.Build.CloudTestTasks.dll</CloudTestTasksPath>
     <ContainerName Condition="'$(ContainerName)' == ''">dotnet</ContainerName>
     <DownloadDirectory>$(PackagesDir)AzureTransfer</DownloadDirectory>
   </PropertyGroup>

From a666f774084e17a18be6a1dd68ff17dbd17458bf Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 11:02:35 -0500
Subject: [PATCH 12/37] Add download packages task.

---
 .../security/DotNet-CLI-Security-Windows.json | 42 ++++++-------------
 1 file changed, 12 insertions(+), 30 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 75c42ddea1..b45cfce851 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -1,24 +1,5 @@
 {
   "build": [
-    {
-      "enabled": true,
-      "continueOnError": true,
-      "alwaysRun": false,
-      "displayName": "Run clean.cmd",
-      "timeoutInMinutes": 0,
-      "condition": "succeeded()",
-      "task": {
-        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
-        "versionSpec": "1.*",
-        "definitionType": "task"
-      },
-      "inputs": {
-        "filename": "clean.cmd",
-        "arguments": "-all",
-        "workingFolder": "$(Build.SourcesDirectory)",
-        "failOnStandardError": "false"
-      }
-    },
     {
       "enabled": true,
       "continueOnError": false,
@@ -34,26 +15,27 @@
       "inputs": {
         "filename": "init-tools.cmd",
         "arguments": "",
-        "workingFolder": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)\\core-setup",
         "failOnStandardError": "false"
       }
     },
     {
       "enabled": true,
-      "continueOnError": false,
+      "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "Download Packages",
+      "displayName": "Download blobs that have prefix $(PB_BlobName) in container $(PB_CloudDropAccountName)",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
+      "refName": "MSBuild_14",
       "task": {
         "id": "c6c4c611-aa2e-4a33-b606-5eaba2196824",
         "versionSpec": "1.*",
         "definitionType": "task"
       },
       "inputs": {
-        "solution": "$(Build.SourcesDirectory)\\buildpipeline\\security\\syncAzure.proj",
+        "solution": "$(Build.SourcesDirectory)\\cli\\build\\buildpipeline\\security\\syncAzure.proj",
         "msbuildLocationMethod": "version",
-        "msbuildVersion": "15.0",
+        "msbuildVersion": "latest",
         "msbuildArchitecture": "x64",
         "msbuildLocation": "",
         "platform": "x64",
@@ -67,7 +49,7 @@
       }
     },
     {
-      "enabled": true,
+      "enabled": false,
       "continueOnError": true,
       "alwaysRun": false,
       "displayName": "Extract downloaded nupkgs",
@@ -109,7 +91,7 @@
       }
     },
     {
-      "enabled": true,
+      "enabled": false,
       "continueOnError": true,
       "alwaysRun": false,
       "displayName": "Remove api-*, ucrtbase*, and files other than DLLs, PDBs and TXT",
@@ -380,7 +362,7 @@
       }
     },
     {
-      "enabled": true,
+      "enabled": false,
       "continueOnError": true,
       "alwaysRun": false,
       "displayName": "TSA upload to Codebase: DotNet-CLI-Trusted_$(CodeBase) Stamp: Azure",
@@ -423,7 +405,7 @@
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "Run clean.cmd",
+      "displayName": "Run Core-Setup clean.cmd",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -434,7 +416,7 @@
       "inputs": {
         "filename": "clean.cmd",
         "arguments": "-all",
-        "workingFolder": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)\\core-setup",
         "failOnStandardError": "false"
       }
     }
@@ -542,7 +524,7 @@
             "checkoutNestedSubmodules": "false",
             "fetchDepth": "0"
         },
-    "id": "c19ea379-feb7-4ca5-8f7f-5f2b5095ea62",
+    "id": "ceac4423-53f8-4c97-bc62-173630412581",
     "type": "TfsGit",
     "name": "DotNet-Cli-Trusted",
     "url": "https://devdiv.visualstudio.com/DevDiv/_git/DotNet-Cli-Trusted",

From 1d300d13f427b9a4e56ade0b4c5dbdbd1f7b816f Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 11:36:11 -0500
Subject: [PATCH 13/37] Get sources from private branch.

---
 .../security/DotNet-CLI-Security-Windows.json | 26 +++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index b45cfce851..1c1939ecbd 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -381,10 +381,32 @@
         "notificationAlias": "$(NotificationAlias)",
         "codeBaseAdmins": "NORTHAMERICA\\raeda",
         "instanceUrlAzure": "MSAZURE",
+        "instanceUrlBing": "",
+        "instanceUrlCarbon": "",
         "instanceUrlDevDiv": "DEVDIV",
+        "instanceUrlSkype": "",
+        "instanceUrlTsa": "",
+        "instanceUrlPpe": "",
+        "projectNameDAIPVSTF": "",
+        "projectNameDYNAMICSCRM": "",
         "projectNameMSAZURE": "One",
-        "projectNameIDENTITYDIVISION": "",
+        "projectNameMSDYENG": "",
+        "projectNameMSECG": "",
+        "projectNameIDENTITYDIVISION": "Code Scan - TSA",
+        "projectNameVSTFRD": "",
+        "projectNameMSASG": "",
+        "projectNameMICROSOFTVSTS": "",
+        "projectNameMSDATA": "",
+        "projectNameMSENG": "",
         "projectNameDEVDIV": "DevDiv",
+        "projectNameSKYPETEST2": "",
+        "projectNameONEDRIVE": "",
+        "projectNameSQLBUVSTS": "",
+        "projectNamePOWERBI": "",
+        "projectNameAZUREVSTFPPE": "",
+        "projectNameSKYPE": "",
+        "projectNameDOMOREEXP": "",
+        "projectNameSQLBUVSTSTEST": "",
         "areaPath": "One\\DevDiv\\DotNetCore",
         "iterationPath": "One",
         "uploadAPIScan": "true",
@@ -528,7 +550,7 @@
     "type": "TfsGit",
     "name": "DotNet-Cli-Trusted",
     "url": "https://devdiv.visualstudio.com/DevDiv/_git/DotNet-Cli-Trusted",
-    "defaultBranch": "refs/heads/master",
+    "defaultBranch": "refs/heads/sec_ext",
     "clean": "true",
     "checkoutSubmodules": false
   },

From 4565d2c9c0828b40adebfa08d1af21d66b9cc178 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 11:54:33 -0500
Subject: [PATCH 14/37] Clone CLI and Core-Setup

---
 .../security/DotNet-CLI-Security-Windows.json | 76 +++++++++++++++++++
 1 file changed, 76 insertions(+)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 1c1939ecbd..4797febbe7 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -1,5 +1,81 @@
 {
   "build": [
+  {
+      "enabled": true,
+      "continueOnError": false,
+      "alwaysRun": false,
+      "displayName": "Clone CLI",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "filename": "$(PB_Git)",
+        "arguments": "clone $(PB_RepoUrl) $(PB_Repo)",
+        "workingFolder": "",
+        "failOnStandardError": "false"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": false,
+      "alwaysRun": false,
+      "displayName": "Checkout CLI $(SourceBranch)",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "filename": "$(PB_Git)",
+        "arguments": "checkout  $(SourceBranch)",
+        "workingFolder": "$(Build.SourcesDirectory)\\$(PB_Repo)",
+        "failOnStandardError": "false"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": false,
+      "alwaysRun": false,
+      "displayName": "Clone Core-Setup",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "filename": "$(PB_Git)",
+        "arguments": "clone $(CoreSetupUrl) core-setup",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "failOnStandardError": "false"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": false,
+      "alwaysRun": false,
+      "displayName": "Checkout Core-Setup master",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "filename": "$(PB_Git)",
+        "arguments": "checkout master",
+        "workingFolder": "$(build.SourcesDirectory)\\core-setup",
+        "failOnStandardError": "false"
+      }
+    },
     {
       "enabled": true,
       "continueOnError": false,

From 4627500c8364ea204f4077bc89cea8ad424e226f Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 12:01:47 -0500
Subject: [PATCH 15/37] Remove CLI cloning.

---
 .../security/DotNet-CLI-Security-Windows.json | 38 -------------------
 1 file changed, 38 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 4797febbe7..625d3e9a37 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -1,43 +1,5 @@
 {
   "build": [
-  {
-      "enabled": true,
-      "continueOnError": false,
-      "alwaysRun": false,
-      "displayName": "Clone CLI",
-      "timeoutInMinutes": 0,
-      "condition": "succeeded()",
-      "task": {
-        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
-        "versionSpec": "1.*",
-        "definitionType": "task"
-      },
-      "inputs": {
-        "filename": "$(PB_Git)",
-        "arguments": "clone $(PB_RepoUrl) $(PB_Repo)",
-        "workingFolder": "",
-        "failOnStandardError": "false"
-      }
-    },
-    {
-      "enabled": true,
-      "continueOnError": false,
-      "alwaysRun": false,
-      "displayName": "Checkout CLI $(SourceBranch)",
-      "timeoutInMinutes": 0,
-      "condition": "succeeded()",
-      "task": {
-        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
-        "versionSpec": "1.*",
-        "definitionType": "task"
-      },
-      "inputs": {
-        "filename": "$(PB_Git)",
-        "arguments": "checkout  $(SourceBranch)",
-        "workingFolder": "$(Build.SourcesDirectory)\\$(PB_Repo)",
-        "failOnStandardError": "false"
-      }
-    },
     {
       "enabled": true,
       "continueOnError": false,

From c3f21c46f0bbc11e81424ad3715c51411a328a76 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 12:34:58 -0500
Subject: [PATCH 16/37] Update path to syncAzure.

---
 .../security/DotNet-CLI-Security-Windows.json | 43 ++++++++++++++++---
 1 file changed, 37 insertions(+), 6 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 625d3e9a37..de3d9d50e6 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -71,7 +71,7 @@
         "definitionType": "task"
       },
       "inputs": {
-        "solution": "$(Build.SourcesDirectory)\\cli\\build\\buildpipeline\\security\\syncAzure.proj",
+        "solution": "$(Build.SourcesDirectory)\\build\\buildpipeline\\security\\syncAzure.proj",
         "msbuildLocationMethod": "version",
         "msbuildVersion": "latest",
         "msbuildArchitecture": "x64",
@@ -85,6 +85,35 @@
         "logProjectEvents": "false",
         "createLogFile": "false"
       }
+    },
+	    {
+      "enabled": true,
+      "continueOnError": false,
+      "alwaysRun": false,
+      "displayName": "Download $(PB_LatestVersion) from $(PB_CloudDropAccountName)",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "refName": "Cloned_Task_4_19",
+      "task": {
+        "id": "c6c4c611-aa2e-4a33-b606-5eaba2196824",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "solution": "$(Build.SourcesDirectory)\\build\\buildpipeline\\security\\syncAzure.proj",
+        "msbuildLocationMethod": "version",
+        "msbuildVersion": "latest",
+        "msbuildArchitecture": "x64",
+        "msbuildLocation": "",
+        "platform": "x64",
+        "configuration": "$(BuildConfiguration)",
+        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_LatestVersion)\" /verbosity:diag",
+        "clean": "false",
+        "maximumCpuCount": "false",
+        "restoreNugetPackages": "false",
+        "logProjectEvents": "false",
+        "createLogFile": "false"
+      }
     },
     {
       "enabled": false,
@@ -103,7 +132,7 @@
         "scriptName": "",
         "arguments": "$(Build.SourcesDirectory)",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$pkgDir = \"$SrcDir\\packages\\AzureTransfer\"\ngci \"$pkgDir\\*.nupkg\" | rename-item -newname { [io.path]::ChangeExtension($_.name, \"zip\") }\ngci \"$pkgDir\\*.zip\" | % {\n$dstDir = Join-Path \"$secDir\" $($_.BaseName)\nExpand-Archive -Path $($_.FullName) -DestinationPath \"$dstDir\" -Force\n}\n",
+        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$pkgDir = \"$SrcDir\\packages\\AzureTransfer\"\ngci \"dotnet-sdk-debug-latest-win-*.zip\" | % {\n$dstDir = Join-Path \"$secDir\" $($_.BaseName)\nExpand-Archive -Path $($_.FullName) -DestinationPath \"$dstDir\" -Force\n}\n",
         "failOnStandardError": "true"
       }
     },
@@ -272,9 +301,9 @@
       "inputs": {
         "scriptType": "inlineScript",
         "scriptName": "",
-        "arguments": "$(Build.SourcesDirectory) \"$(PB_Git)\"",
+        "arguments": "$(Build.SourcesDirectory) \"$(PB_Git)\" \"$(PB_LatestVersion)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir, $git)\n$pkgExtPath= Join-Path \"$SrcDir\" \"security\"\ngci \"$pkgExtPath\\version.txt\" -Recurse | % { \n$sha = gc $_\nWrite-Host \"$sha\"\nif (-not [string]::IsNullOrWhiteSpace($sha))\n{\nStart-Process \"$git\" -ArgumentList \"checkout -- .\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\nbreak\n}\n}",
+        "inlineScript": "param($SrcDir, $git, $fileName)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$shaFile= Join-Path \"$SrcDir\\packages\\AzureTransfer\" \"$fileName\"\n$sha = gc \"$shaFile\" -first 1\nWrite-Host \"$sha\"\n\nif ([string]::IsNullOrWhiteSpace($sha))\n{ Write-Error \"Unable to determine latest commit SHA.\" }\n\nStart-Process \"$git\" -ArgumentList \"checkout -- .\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\n",
         "failOnStandardError": "true"
       }
     },
@@ -372,7 +401,9 @@
         "ModernCopBreakOn": "Error",
         "PoliCheck": "true",
         "PoliCheckBreakOn": "Severity1",
-        "SDLNativeRules": "false"
+        "SDLNativeRules": "false",
+        "TSLint": "false",
+        "TSLintBreakOn": "Error"
       }
     },
     {
@@ -615,7 +646,7 @@
     "uri": "vstfs:///Build/Definition/6661",
     "path": "\\",
     "type": 2,
-    "revision": 2,
+    "revision": 6,
     "createdDate": "2017-06-21T21:58:12.397Z",
     "project": {
         "id": "0bdbc590-a062-4c3f-b0f6-9383f67865ee",

From d6cc6475864824cf4c4a56c4e0061b1aede7e046 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 12:43:13 -0500
Subject: [PATCH 17/37] Update path to dir.props.

---
 build/buildpipeline/security/dir.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/dir.props b/build/buildpipeline/security/dir.props
index d8060da6f9..3e28b4a52a 100644
--- a/build/buildpipeline/security/dir.props
+++ b/build/buildpipeline/security/dir.props
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="..\..\..\..\core-setup\dir.props" />
+  <Import Project="..\..\..\core-setup\dir.props" />
 </Project>

From d88223b86ea51143427a850bdffc44b3be8aac0c Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 13:02:38 -0500
Subject: [PATCH 18/37] List files.

---
 .../security/DotNet-CLI-Security-Windows.json | 27 ++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index de3d9d50e6..90b29ba046 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -56,6 +56,27 @@
         "workingFolder": "$(Build.SourcesDirectory)\\core-setup",
         "failOnStandardError": "false"
       }
+    },
+	{
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "List all files",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
+        "failOnStandardError": "true"
+      }
     },
     {
       "enabled": true,
@@ -88,7 +109,7 @@
     },
 	    {
       "enabled": true,
-      "continueOnError": false,
+      "continueOnError": true,
       "alwaysRun": false,
       "displayName": "Download $(PB_LatestVersion) from $(PB_CloudDropAccountName)",
       "timeoutInMinutes": 0,
@@ -138,7 +159,7 @@
     },
     {
       "enabled": true,
-      "continueOnError": false,
+      "continueOnError": true,
       "alwaysRun": false,
       "displayName": "List all files",
       "timeoutInMinutes": 0,
@@ -201,7 +222,7 @@
     },
     {
       "enabled": true,
-      "continueOnError": false,
+      "continueOnError": true,
       "alwaysRun": false,
       "displayName": "List all files - post delete",
       "timeoutInMinutes": 0,

From 6ba76035007f004e7572b3a815f42c419a9843ad Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 13:34:08 -0500
Subject: [PATCH 19/37] Remove CLI dir.props.

---
 .../security/DotNet-CLI-Security-Windows.json | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 90b29ba046..0f550c91cc 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -1,5 +1,26 @@
 {
   "build": [
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Delete CLI dir.props",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "-path \"$(Build.SourcesDirectory)\"",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param ($path)\ngci \"$path\\dir.props\" | Remove-Item -Force",
+        "failOnStandardError": "true"
+      }
+    },
     {
       "enabled": true,
       "continueOnError": false,

From f4ec90c5bc73ca58970acb82a3fe8b9159790465 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 14:17:26 -0500
Subject: [PATCH 20/37] Extract packages.

---
 .../security/DotNet-CLI-Security-Windows.json | 77 +++++++++++++++++--
 1 file changed, 70 insertions(+), 7 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 0f550c91cc..898ba5b442 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -78,7 +78,7 @@
         "failOnStandardError": "false"
       }
     },
-	{
+    {
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
@@ -128,7 +128,7 @@
         "createLogFile": "false"
       }
     },
-	    {
+        {
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
@@ -156,12 +156,33 @@
         "logProjectEvents": "false",
         "createLogFile": "false"
       }
+    },
+	{
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "List all files",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
+        "failOnStandardError": "true"
+      }
     },
     {
       "enabled": false,
       "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "Extract downloaded nupkgs",
+      "displayName": "Extract downloaded packages",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -172,9 +193,9 @@
       "inputs": {
         "scriptType": "inlineScript",
         "scriptName": "",
-        "arguments": "$(Build.SourcesDirectory)",
+        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$pkgDir = \"$SrcDir\\packages\\AzureTransfer\"\ngci \"dotnet-sdk-debug-latest-win-*.zip\" | % {\n$dstDir = Join-Path \"$secDir\" $($_.BaseName)\nExpand-Archive -Path $($_.FullName) -DestinationPath \"$dstDir\" -Force\n}\n",
+        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$pkgDir = \"$SrcDir\\core-setup\\packages\\AzureTransfer\"\ngci \"$pkgDir\\dotnet-sdk-debug-latest-win-*.zip\" | % {\n$dstDir = Join-Path \"$secDir\" $($_.BaseName)\nExpand-Archive -Path $($_.FullName) -DestinationPath \"$dstDir\" -Force\n}\n",
         "failOnStandardError": "true"
       }
     },
@@ -327,6 +348,48 @@
         "preserveTempFiles": "false",
         "toolVersion": "Latest"
       }
+    },
+	{
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "List all files",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
+        "failOnStandardError": "true"
+      }
+    },
+	{
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "List all files",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
+        "failOnStandardError": "true"
+      }
     },
     {
       "enabled": true,
@@ -343,9 +406,9 @@
       "inputs": {
         "scriptType": "inlineScript",
         "scriptName": "",
-        "arguments": "$(Build.SourcesDirectory) \"$(PB_Git)\" \"$(PB_LatestVersion)\"",
+        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\" -git \"$(PB_Git)\" -fileName \"$(PB_LatestVersion)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir, $git, $fileName)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$shaFile= Join-Path \"$SrcDir\\packages\\AzureTransfer\" \"$fileName\"\n$sha = gc \"$shaFile\" -first 1\nWrite-Host \"$sha\"\n\nif ([string]::IsNullOrWhiteSpace($sha))\n{ Write-Error \"Unable to determine latest commit SHA.\" }\n\nStart-Process \"$git\" -ArgumentList \"checkout -- .\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\n",
+        "inlineScript": "param($SrcDir, $git, $fileName)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$shaFile= Join-Path \"$SrcDir\\core-setup\\packages\\AzureTransfer\" \"$fileName\"\n$sha = gc \"$shaFile\" -first 1\nWrite-Host \"$sha\"\n\nif ([string]::IsNullOrWhiteSpace($sha))\n{ Write-Error \"Unable to determine latest commit SHA.\" }\n\nStart-Process \"$git\" -ArgumentList \"checkout -- .\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\n",
         "failOnStandardError": "true"
       }
     },

From 7b197898e9c280393baa67d3fe1ef62a55f14465 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 14:29:52 -0500
Subject: [PATCH 21/37] Enable extraction.

---
 build/buildpipeline/security/DotNet-CLI-Security-Windows.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 898ba5b442..e2013cf9ba 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -179,7 +179,7 @@
       }
     },
     {
-      "enabled": false,
+      "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
       "displayName": "Extract downloaded packages",

From 7022e2601bcf0e93e223a717dc4ee64a45d6b807 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 15:01:07 -0500
Subject: [PATCH 22/37] Fix path to latest.version.

---
 .../security/DotNet-CLI-Security-Windows.json | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index e2013cf9ba..760b5badab 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -157,7 +157,7 @@
         "createLogFile": "false"
       }
     },
-	{
+    {
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
@@ -349,7 +349,7 @@
         "toolVersion": "Latest"
       }
     },
-	{
+    {
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
@@ -370,11 +370,11 @@
         "failOnStandardError": "true"
       }
     },
-	{
+    {
       "enabled": true,
-      "continueOnError": true,
+      "continueOnError": false,
       "alwaysRun": false,
-      "displayName": "List all files",
+      "displayName": "git checkout",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -385,17 +385,17 @@
       "inputs": {
         "scriptType": "inlineScript",
         "scriptName": "",
-        "arguments": "$(Build.SourcesDirectory)",
+        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\" -git \"$(PB_Git)\" -fileName \"$(PB_LatestVersion)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
+        "inlineScript": "param($SrcDir, $git, $fileName)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$shaFile= Join-Path \"$SrcDir\\core-setup\\packages\\AzureTransfer\" \"latest.version\"\n$sha = gc \"$shaFile\" -first 1\n\nif ([string]::IsNullOrWhiteSpace($sha))\n{ Write-Error \"Unable to determine latest commit SHA.\" }\n\nStart-Process \"$git\" -ArgumentList \"checkout -- .\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\n",
         "failOnStandardError": "true"
       }
     },
     {
       "enabled": true,
-      "continueOnError": false,
+      "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "git checkout",
+      "displayName": "List all files",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -406,9 +406,9 @@
       "inputs": {
         "scriptType": "inlineScript",
         "scriptName": "",
-        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\" -git \"$(PB_Git)\" -fileName \"$(PB_LatestVersion)\"",
+        "arguments": "$(Build.SourcesDirectory)",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir, $git, $fileName)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$shaFile= Join-Path \"$SrcDir\\core-setup\\packages\\AzureTransfer\" \"$fileName\"\n$sha = gc \"$shaFile\" -first 1\nWrite-Host \"$sha\"\n\nif ([string]::IsNullOrWhiteSpace($sha))\n{ Write-Error \"Unable to determine latest commit SHA.\" }\n\nStart-Process \"$git\" -ArgumentList \"checkout -- .\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\n",
+        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
         "failOnStandardError": "true"
       }
     },

From 61ad3ea1a97cde01e365b296c0e850e88e6c0cd0 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 15:31:44 -0500
Subject: [PATCH 23/37] Clean repo.

---
 build/buildpipeline/security/DotNet-CLI-Security-Windows.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 760b5badab..53f9cfedcc 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -387,7 +387,7 @@
         "scriptName": "",
         "arguments": "-SrcDir \"$(Build.SourcesDirectory)\" -git \"$(PB_Git)\" -fileName \"$(PB_LatestVersion)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir, $git, $fileName)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$shaFile= Join-Path \"$SrcDir\\core-setup\\packages\\AzureTransfer\" \"latest.version\"\n$sha = gc \"$shaFile\" -first 1\n\nif ([string]::IsNullOrWhiteSpace($sha))\n{ Write-Error \"Unable to determine latest commit SHA.\" }\n\nStart-Process \"$git\" -ArgumentList \"checkout -- .\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\n",
+        "inlineScript": "param($SrcDir, $git, $fileName)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$shaFile= Join-Path \"$SrcDir\\core-setup\\packages\\AzureTransfer\" \"latest.version\"\n$sha = gc \"$shaFile\" -first 1\n\nif ([string]::IsNullOrWhiteSpace($sha))\n{ Write-Error \"Unable to determine latest commit SHA.\" }\n\nStart-Process \"$git\" -ArgumentList \"clean -df\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\n",
         "failOnStandardError": "true"
       }
     },

From 336fcb3bd6afb9d14741baf0d231c863edc34626 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 15:37:51 -0500
Subject: [PATCH 24/37] Rename PB variables.

---
 .../security/DotNet-CLI-Security-Windows.json          | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 53f9cfedcc..c102b72f0a 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -103,7 +103,7 @@
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "Download blobs that have prefix $(PB_BlobName) in container $(PB_CloudDropAccountName)",
+      "displayName": "Download blobs that have prefix $(PB_BlobNameFilter) in container $(PB_CloudDropAccountName)",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "refName": "MSBuild_14",
@@ -120,7 +120,7 @@
         "msbuildLocation": "",
         "platform": "x64",
         "configuration": "$(BuildConfiguration)",
-        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_BlobName)\" /verbosity:diag",
+        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_BlobNameFilter)\" /verbosity:diag",
         "clean": "false",
         "maximumCpuCount": "false",
         "restoreNugetPackages": "false",
@@ -132,7 +132,7 @@
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "Download $(PB_LatestVersion) from $(PB_CloudDropAccountName)",
+      "displayName": "Download $(PB_LatestVersionFileBlobName) from $(PB_CloudDropAccountName)",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "refName": "Cloned_Task_4_19",
@@ -149,7 +149,7 @@
         "msbuildLocation": "",
         "platform": "x64",
         "configuration": "$(BuildConfiguration)",
-        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_LatestVersion)\" /verbosity:diag",
+        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_LatestVersionFileBlobName)\" /verbosity:diag",
         "clean": "false",
         "maximumCpuCount": "false",
         "restoreNugetPackages": "false",
@@ -385,7 +385,7 @@
       "inputs": {
         "scriptType": "inlineScript",
         "scriptName": "",
-        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\" -git \"$(PB_Git)\" -fileName \"$(PB_LatestVersion)\"",
+        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\" -git \"$(PB_Git)\" -fileName \"$(PB_LatestVersionFileBlobName)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
         "inlineScript": "param($SrcDir, $git, $fileName)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$shaFile= Join-Path \"$SrcDir\\core-setup\\packages\\AzureTransfer\" \"latest.version\"\n$sha = gc \"$shaFile\" -first 1\n\nif ([string]::IsNullOrWhiteSpace($sha))\n{ Write-Error \"Unable to determine latest commit SHA.\" }\n\nStart-Process \"$git\" -ArgumentList \"clean -df\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\n",
         "failOnStandardError": "true"

From c81e60044f329f8e41b16039fed75736cb586295 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 16:07:30 -0500
Subject: [PATCH 25/37] Delete Core-Setup folder.

---
 .../security/DotNet-CLI-Security-Windows.json | 123 +++++-------------
 1 file changed, 30 insertions(+), 93 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index c102b72f0a..38b8f84154 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -1,26 +1,5 @@
 {
   "build": [
-    {
-      "enabled": true,
-      "continueOnError": true,
-      "alwaysRun": false,
-      "displayName": "Delete CLI dir.props",
-      "timeoutInMinutes": 0,
-      "condition": "succeeded()",
-      "task": {
-        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
-        "versionSpec": "1.*",
-        "definitionType": "task"
-      },
-      "inputs": {
-        "scriptType": "inlineScript",
-        "scriptName": "",
-        "arguments": "-path \"$(Build.SourcesDirectory)\"",
-        "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param ($path)\ngci \"$path\\dir.props\" | Remove-Item -Force",
-        "failOnStandardError": "true"
-      }
-    },
     {
       "enabled": true,
       "continueOnError": false,
@@ -82,7 +61,7 @@
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "List all files",
+      "displayName": "Delete CLI dir.props",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -93,9 +72,9 @@
       "inputs": {
         "scriptType": "inlineScript",
         "scriptName": "",
-        "arguments": "$(Build.SourcesDirectory)",
+        "arguments": "-path \"$(Build.SourcesDirectory)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
+        "inlineScript": "param ($path)\ngci \"$path\\dir.props\" | Remove-Item -Force",
         "failOnStandardError": "true"
       }
     },
@@ -128,7 +107,7 @@
         "createLogFile": "false"
       }
     },
-        {
+    {
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
@@ -157,27 +136,6 @@
         "createLogFile": "false"
       }
     },
-    {
-      "enabled": true,
-      "continueOnError": true,
-      "alwaysRun": false,
-      "displayName": "List all files",
-      "timeoutInMinutes": 0,
-      "condition": "succeeded()",
-      "task": {
-        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
-        "versionSpec": "1.*",
-        "definitionType": "task"
-      },
-      "inputs": {
-        "scriptType": "inlineScript",
-        "scriptName": "",
-        "arguments": "$(Build.SourcesDirectory)",
-        "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
-        "failOnStandardError": "true"
-      }
-    },
     {
       "enabled": true,
       "continueOnError": true,
@@ -220,27 +178,6 @@
         "failOnStandardError": "true"
       }
     },
-    {
-      "enabled": false,
-      "continueOnError": true,
-      "alwaysRun": false,
-      "displayName": "Remove api-*, ucrtbase*, and files other than DLLs, PDBs and TXT",
-      "timeoutInMinutes": 0,
-      "condition": "succeeded()",
-      "task": {
-        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
-        "versionSpec": "1.*",
-        "definitionType": "task"
-      },
-      "inputs": {
-        "scriptType": "inlineScript",
-        "scriptName": "",
-        "arguments": "$(Build.SourcesDirectory)",
-        "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$extList = \".dll\", \".pdb\", \".txt\"\ngci $secDir -Recurse | where { !$_.PSIsContainer } | % {\nif ($extList -inotcontains $_.Extension -or $_.BaseName -like \"api-*\" -or $_.BaseName -like \"ucrtbase*\")\n{\n    rm $_.FullName -Force\n    Write-Host \"Removed $($_.FullName)\"\n}\n}\n\n",
-        "failOnStandardError": "true"
-      }
-    },
     {
       "enabled": true,
       "continueOnError": true,
@@ -353,7 +290,26 @@
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "List all files",
+      "displayName": "Run Core-Setup clean.cmd",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "filename": "clean.cmd",
+        "arguments": "-all",
+        "workingFolder": "$(Build.SourcesDirectory)\\core-setup",
+        "failOnStandardError": "false"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": false,
+      "alwaysRun": false,
+      "displayName": "Delete Core-Setup folder",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -364,9 +320,9 @@
       "inputs": {
         "scriptType": "inlineScript",
         "scriptName": "",
-        "arguments": "$(Build.SourcesDirectory)",
-        "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
+        "arguments": "-path \"$(Build.SourcesDirectory)\\core-setup\"",
+        "workingFolder": "",
+        "inlineScript": "param ($path)\nRemove-Item \"$path\" -Force -Recurse -ErrorAction Continue\n",
         "failOnStandardError": "true"
       }
     },
@@ -374,7 +330,7 @@
       "enabled": true,
       "continueOnError": false,
       "alwaysRun": false,
-      "displayName": "git checkout",
+      "displayName": "git checkout CLI at SHA listed in $(PB_LatestVersionFileBlobName)",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -395,7 +351,7 @@
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "List all files",
+      "displayName": "List all files - post checkout",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -536,7 +492,7 @@
       }
     },
     {
-      "enabled": false,
+      "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
       "displayName": "TSA upload to Codebase: DotNet-CLI-Trusted_$(CodeBase) Stamp: Azure",
@@ -596,25 +552,6 @@
         "validateCompatibility": "Error",
         "uploadAsync": "true"
       }
-    },
-    {
-      "enabled": true,
-      "continueOnError": true,
-      "alwaysRun": false,
-      "displayName": "Run Core-Setup clean.cmd",
-      "timeoutInMinutes": 0,
-      "condition": "succeeded()",
-      "task": {
-        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
-        "versionSpec": "1.*",
-        "definitionType": "task"
-      },
-      "inputs": {
-        "filename": "clean.cmd",
-        "arguments": "-all",
-        "workingFolder": "$(Build.SourcesDirectory)\\core-setup",
-        "failOnStandardError": "false"
-      }
     }
   ],
     "options": [

From bdaa41caa01aa742b4cd76c4d0a1e0c0f228374a Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 16:30:31 -0500
Subject: [PATCH 26/37] Delete Core-Setup folder after checkout.

---
 .../security/DotNet-CLI-Security-Windows.json | 40 +++++++++----------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 38b8f84154..b4f04e2cb0 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -288,49 +288,49 @@
     },
     {
       "enabled": true,
-      "continueOnError": true,
+      "continueOnError": false,
       "alwaysRun": false,
-      "displayName": "Run Core-Setup clean.cmd",
+      "displayName": "git checkout CLI at SHA listed in $(PB_LatestVersionFileBlobName)",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
-        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
         "versionSpec": "1.*",
         "definitionType": "task"
       },
       "inputs": {
-        "filename": "clean.cmd",
-        "arguments": "-all",
-        "workingFolder": "$(Build.SourcesDirectory)\\core-setup",
-        "failOnStandardError": "false"
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\" -git \"$(PB_Git)\" -fileName \"$(PB_LatestVersionFileBlobName)\"",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir, $git, $fileName)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$shaFile= Join-Path \"$SrcDir\\core-setup\\packages\\AzureTransfer\" \"latest.version\"\n$sha = gc \"$shaFile\" -first 1\n\nif ([string]::IsNullOrWhiteSpace($sha))\n{ Write-Error \"Unable to determine latest commit SHA.\" }\n\nStart-Process \"$git\" -ArgumentList \"clean -df\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\n",
+        "failOnStandardError": "true"
       }
     },
     {
       "enabled": true,
-      "continueOnError": false,
+      "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "Delete Core-Setup folder",
+      "displayName": "Run Core-Setup clean.cmd",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
-        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "id": "d9bafed4-0b18-4f58-968d-86655b4d2ce9",
         "versionSpec": "1.*",
         "definitionType": "task"
       },
       "inputs": {
-        "scriptType": "inlineScript",
-        "scriptName": "",
-        "arguments": "-path \"$(Build.SourcesDirectory)\\core-setup\"",
-        "workingFolder": "",
-        "inlineScript": "param ($path)\nRemove-Item \"$path\" -Force -Recurse -ErrorAction Continue\n",
-        "failOnStandardError": "true"
+        "filename": "clean.cmd",
+        "arguments": "-all",
+        "workingFolder": "$(Build.SourcesDirectory)\\core-setup",
+        "failOnStandardError": "false"
       }
     },
     {
       "enabled": true,
       "continueOnError": false,
       "alwaysRun": false,
-      "displayName": "git checkout CLI at SHA listed in $(PB_LatestVersionFileBlobName)",
+      "displayName": "Delete Core-Setup folder",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -341,9 +341,9 @@
       "inputs": {
         "scriptType": "inlineScript",
         "scriptName": "",
-        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\" -git \"$(PB_Git)\" -fileName \"$(PB_LatestVersionFileBlobName)\"",
-        "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir, $git, $fileName)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$shaFile= Join-Path \"$SrcDir\\core-setup\\packages\\AzureTransfer\" \"latest.version\"\n$sha = gc \"$shaFile\" -first 1\n\nif ([string]::IsNullOrWhiteSpace($sha))\n{ Write-Error \"Unable to determine latest commit SHA.\" }\n\nStart-Process \"$git\" -ArgumentList \"clean -df\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\n",
+        "arguments": "-path \"$(Build.SourcesDirectory)\\core-setup\"",
+        "workingFolder": "",
+        "inlineScript": "param ($path)\nRemove-Item \"$path\" -Force -Recurse -ErrorAction Continue\n",
         "failOnStandardError": "true"
       }
     },

From 804558722d68d043df9693b552f7fb490ab40934 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 18:33:34 -0500
Subject: [PATCH 27/37] Extract all zips.

---
 build/buildpipeline/security/DotNet-CLI-Security-Windows.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index b4f04e2cb0..56f599c56f 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -153,7 +153,7 @@
         "scriptName": "",
         "arguments": "-SrcDir \"$(Build.SourcesDirectory)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$pkgDir = \"$SrcDir\\core-setup\\packages\\AzureTransfer\"\ngci \"$pkgDir\\dotnet-sdk-debug-latest-win-*.zip\" | % {\n$dstDir = Join-Path \"$secDir\" $($_.BaseName)\nExpand-Archive -Path $($_.FullName) -DestinationPath \"$dstDir\" -Force\n}\n",
+        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$pkgDir = \"$SrcDir\\core-setup\\packages\\AzureTransfer\"\ngci \"$pkgDir\\*.zip\" | % {\n$dstDir = Join-Path \"$secDir\" $($_.BaseName)\nExpand-Archive -Path $($_.FullName) -DestinationPath \"$dstDir\" -Force\n}\n",
         "failOnStandardError": "true"
       }
     },

From c7a50e7876008605fa9854cd915632038c0f035f Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Fri, 30 Jun 2017 18:56:06 -0500
Subject: [PATCH 28/37] Filter download packages.

---
 .../security/DotNet-CLI-Security-Windows.json | 34 ++++++++++++++++---
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 56f599c56f..61856c116e 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -82,10 +82,9 @@
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "Download blobs that have prefix $(PB_BlobNameFilter) in container $(PB_CloudDropAccountName)",
+      "displayName": "Download blobs that have prefix $(PB_BlobNameFilter)-win in container $(PB_CloudDropAccountName)",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
-      "refName": "MSBuild_14",
       "task": {
         "id": "c6c4c611-aa2e-4a33-b606-5eaba2196824",
         "versionSpec": "1.*",
@@ -99,7 +98,35 @@
         "msbuildLocation": "",
         "platform": "x64",
         "configuration": "$(BuildConfiguration)",
-        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_BlobNameFilter)\" /verbosity:diag",
+        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_BlobNameFilter)-win\" /verbosity:diag",
+        "clean": "false",
+        "maximumCpuCount": "false",
+        "restoreNugetPackages": "false",
+        "logProjectEvents": "false",
+        "createLogFile": "false"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Download blobs that have prefix $(PB_BlobNameFilter)-latest-win in container $(PB_CloudDropAccountName)",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "task": {
+        "id": "c6c4c611-aa2e-4a33-b606-5eaba2196824",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "solution": "$(Build.SourcesDirectory)\\build\\buildpipeline\\security\\syncAzure.proj",
+        "msbuildLocationMethod": "version",
+        "msbuildVersion": "latest",
+        "msbuildArchitecture": "x64",
+        "msbuildLocation": "",
+        "platform": "x64",
+        "configuration": "$(BuildConfiguration)",
+        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_BlobNameFilter)-latest-win\" /verbosity:diag",
         "clean": "false",
         "maximumCpuCount": "false",
         "restoreNugetPackages": "false",
@@ -114,7 +141,6 @@
       "displayName": "Download $(PB_LatestVersionFileBlobName) from $(PB_CloudDropAccountName)",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
-      "refName": "Cloned_Task_4_19",
       "task": {
         "id": "c6c4c611-aa2e-4a33-b606-5eaba2196824",
         "versionSpec": "1.*",

From 57534d3614a5217f34f1c90c7ae038edbbac1c90 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Mon, 3 Jul 2017 10:40:22 -0500
Subject: [PATCH 29/37] Cleanup and switch to master branch.

---
 .../security/DotNet-CLI-Security-Windows.json | 44 +------------------
 1 file changed, 1 insertion(+), 43 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 61856c116e..0a933b4f0b 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -204,48 +204,6 @@
         "failOnStandardError": "true"
       }
     },
-    {
-      "enabled": true,
-      "continueOnError": true,
-      "alwaysRun": false,
-      "displayName": "Workaround for long path - DELETE files with path length greater than or equal to 240 characters",
-      "timeoutInMinutes": 0,
-      "condition": "succeeded()",
-      "task": {
-        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
-        "versionSpec": "1.*",
-        "definitionType": "task"
-      },
-      "inputs": {
-        "scriptType": "inlineScript",
-        "scriptName": "",
-        "arguments": "$(Build.SourcesDirectory)",
-        "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$longPath = New-Object System.Collections.ArrayList\ngci \"$SrcDir\\*\" -recurse | where {!$_.PSIsContainer}  | % {\nif ($($_.FullName.Length) -ge 240)\n{\n$longPath.Add($($_.Directory.FullName)) | Out-Null\n}\n}\n$longPath | % {\nStart-Process \"cmd\" -ArgumentList \"/c rd /S /Q $_\" -Wait\nWrite-Host \"DELETED $_\"\n}\n",
-        "failOnStandardError": "true"
-      }
-    },
-    {
-      "enabled": true,
-      "continueOnError": true,
-      "alwaysRun": false,
-      "displayName": "List all files - post delete",
-      "timeoutInMinutes": 0,
-      "condition": "succeeded()",
-      "task": {
-        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
-        "versionSpec": "1.*",
-        "definitionType": "task"
-      },
-      "inputs": {
-        "scriptType": "inlineScript",
-        "scriptName": "",
-        "arguments": "$(Build.SourcesDirectory)",
-        "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
-        "failOnStandardError": "true"
-      }
-    },
     {
       "enabled": true,
       "continueOnError": true,
@@ -687,7 +645,7 @@
     "type": "TfsGit",
     "name": "DotNet-Cli-Trusted",
     "url": "https://devdiv.visualstudio.com/DevDiv/_git/DotNet-Cli-Trusted",
-    "defaultBranch": "refs/heads/sec_ext",
+    "defaultBranch": "refs/heads/master",
     "clean": "true",
     "checkoutSubmodules": false
   },

From 23d26caddb94f5546eb3aa020ade246dfe01da41 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Mon, 3 Jul 2017 13:37:21 -0500
Subject: [PATCH 30/37] Include all zip and exe in download.

---
 .../security/DotNet-CLI-Security-Windows.json | 84 ++++++++++++++-----
 build/buildpipeline/security/syncAzure.proj   |  2 +-
 .../buildpipeline/security/syncAzure.targets  |  5 +-
 3 files changed, 65 insertions(+), 26 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 0a933b4f0b..e644d6e4d5 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -82,7 +82,7 @@
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "Download blobs that have prefix $(PB_BlobNameFilter)-win in container $(PB_CloudDropAccountName)",
+      "displayName": "Download blobs from container $(PB_CloudDropAccountName)",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -98,7 +98,7 @@
         "msbuildLocation": "",
         "platform": "x64",
         "configuration": "$(BuildConfiguration)",
-        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_BlobNameFilter)-win\" /verbosity:diag",
+        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_BlobNameFilter)\" /verbosity:diag",
         "clean": "false",
         "maximumCpuCount": "false",
         "restoreNugetPackages": "false",
@@ -110,7 +110,7 @@
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "Download blobs that have prefix $(PB_BlobNameFilter)-latest-win in container $(PB_CloudDropAccountName)",
+      "displayName": "Download $(PB_LatestVersionFileBlobName) from $(PB_CloudDropAccountName)",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -126,7 +126,7 @@
         "msbuildLocation": "",
         "platform": "x64",
         "configuration": "$(BuildConfiguration)",
-        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_BlobNameFilter)-latest-win\" /verbosity:diag",
+        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_LatestVersionFileBlobName)\" /verbosity:diag",
         "clean": "false",
         "maximumCpuCount": "false",
         "restoreNugetPackages": "false",
@@ -136,30 +136,24 @@
     },
     {
       "enabled": true,
-      "continueOnError": true,
+      "continueOnError": false,
       "alwaysRun": false,
-      "displayName": "Download $(PB_LatestVersionFileBlobName) from $(PB_CloudDropAccountName)",
+      "displayName": "Copy downloaded packages to security folder",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
+      "refName": "PowerShell_23",
       "task": {
-        "id": "c6c4c611-aa2e-4a33-b606-5eaba2196824",
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
         "versionSpec": "1.*",
         "definitionType": "task"
       },
       "inputs": {
-        "solution": "$(Build.SourcesDirectory)\\build\\buildpipeline\\security\\syncAzure.proj",
-        "msbuildLocationMethod": "version",
-        "msbuildVersion": "latest",
-        "msbuildArchitecture": "x64",
-        "msbuildLocation": "",
-        "platform": "x64",
-        "configuration": "$(BuildConfiguration)",
-        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_LatestVersionFileBlobName)\" /verbosity:diag",
-        "clean": "false",
-        "maximumCpuCount": "false",
-        "restoreNugetPackages": "false",
-        "logProjectEvents": "false",
-        "createLogFile": "false"
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\"",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$pkgDir = \"$SrcDir\\core-setup\\packages\\AzureTransfer\"\nCopy-Item \"$pkgDir \" \"$secDir\" -Force -Recurse\n",
+        "failOnStandardError": "true"
       }
     },
     {
@@ -179,7 +173,7 @@
         "scriptName": "",
         "arguments": "-SrcDir \"$(Build.SourcesDirectory)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$pkgDir = \"$SrcDir\\core-setup\\packages\\AzureTransfer\"\ngci \"$pkgDir\\*.zip\" | % {\n$dstDir = Join-Path \"$secDir\" $($_.BaseName)\nExpand-Archive -Path $($_.FullName) -DestinationPath \"$dstDir\" -Force\n}\n",
+        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\ngci \"$secDir\\*.zip\" | % {\n$dstDir = Join-Path \"$secDir\" $($_.BaseName)\nExpand-Archive -Path $($_.FullName) -DestinationPath \"$dstDir\" -Force\nRemove-Item $_.FullName -Force\n}\n",
         "failOnStandardError": "true"
       }
     },
@@ -204,6 +198,50 @@
         "failOnStandardError": "true"
       }
     },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Workaround for long path - DELETE files with path length greater than or equal to 240 characters",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "refName": "Task_10",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$longPath = New-Object System.Collections.ArrayList\ngci \"$SrcDir\\*\" -recurse | where {!$_.PSIsContainer}  | % {\nif ($($_.FullName.Length) -ge 240)\n{\n$longPath.Add($($_.Directory.FullName)) | Out-Null\n}\n}\n$longPath | % {\nStart-Process \"cmd\" -ArgumentList \"/c rd /S /Q $_\" -Wait\nWrite-Host \"DELETED $_\"\n}\n",
+        "failOnStandardError": "true"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "List all files - post delete",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "refName": "Task_11",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "$(Build.SourcesDirectory)",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$fileCount = 0\ngci $SrcDir -recurse | % {\nWrite-Host $($_.FullName)\n$fileCount += 1\n}\nWrite-Host \"File Count: $fileCount\"\n",
+        "failOnStandardError": "true"
+      }
+    },
     {
       "enabled": true,
       "continueOnError": true,
@@ -218,7 +256,7 @@
       },
       "inputs": {
         "InputType": "CommandLine",
-        "arguments": "analyze security\\*.dll --recurse --sympath security\\*.pdb --verbose --statistics",
+        "arguments": "analyze security\\*.dll;security\\*.exe --recurse --sympath security\\*.pdb --verbose --statistics",
         "Function": "analyze",
         "AnalyzeTarget": "$(Build.ArtifactStagingDirectory)",
         "AnalyzeSymPath": "",
@@ -645,7 +683,7 @@
     "type": "TfsGit",
     "name": "DotNet-Cli-Trusted",
     "url": "https://devdiv.visualstudio.com/DevDiv/_git/DotNet-Cli-Trusted",
-    "defaultBranch": "refs/heads/master",
+    "defaultBranch": "refs/heads/sec_ext",
     "clean": "true",
     "checkoutSubmodules": false
   },
diff --git a/build/buildpipeline/security/syncAzure.proj b/build/buildpipeline/security/syncAzure.proj
index 3fba402eb8..45d7657ebd 100644
--- a/build/buildpipeline/security/syncAzure.proj
+++ b/build/buildpipeline/security/syncAzure.proj
@@ -3,7 +3,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.props))\dir.props" />
 
   <PropertyGroup>
-    <CloudTestTasksPath>$(BUILD_SOURCESDIRECTORY)\core-setup\Tools\net46\Microsoft.DotNet.Build.CloudTestTasks.dll</CloudTestTasksPath>
+    <CloudTestTasksPath>$(BuildToolsTaskDesktopDir)Microsoft.DotNet.Build.CloudTestTasks.dll</CloudTestTasksPath>
     <ContainerName Condition="'$(ContainerName)' == ''">dotnet</ContainerName>
     <DownloadDirectory>$(PackagesDir)AzureTransfer</DownloadDirectory>
   </PropertyGroup>
diff --git a/build/buildpipeline/security/syncAzure.targets b/build/buildpipeline/security/syncAzure.targets
index 28a3503dd6..16cc061be0 100644
--- a/build/buildpipeline/security/syncAzure.targets
+++ b/build/buildpipeline/security/syncAzure.targets
@@ -16,13 +16,14 @@
     </ListAzureBlobs>
 
     <ItemGroup>
-      <_CoreHostPackages Include="%(_BlobList.Identity)" Condition="'%(_BlobList.Extension)' == '.nupkg'" />
+      <_OSFilteredBlobNames Include="@(_BlobList)" 
+                        Condition="'$(OSGroup)' == 'Windows_NT' AND ('%(_BlobList.Extension)' == '.zip' OR '%(_BlobList.Extension)' == '.exe')" />
     </ItemGroup>
 
     <DownloadFromAzure AccountName="$(AzureAccount)"
                         AccountKey="$(AzureToken)"
                         ContainerName="$(ContainerName)"
-                        BlobNames="@(_CoreHostPackages)"
+                        BlobNames="@(_OSFilteredBlobNames)"
                         BlobNamePrefix="$(BlobName)"
                         DownloadDirectory="$(DownloadDirectory)" />
   </Target>

From a0ef8adea2cb8588972b39a28573888f710198c5 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Mon, 3 Jul 2017 14:52:11 -0500
Subject: [PATCH 31/37] Download latest.version.

---
 .../security/DotNet-CLI-Security-Windows.json | 36 +++----------------
 .../buildpipeline/security/syncAzure.targets  |  3 +-
 2 files changed, 6 insertions(+), 33 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index e644d6e4d5..dbdf85da2c 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -106,34 +106,6 @@
         "createLogFile": "false"
       }
     },
-    {
-      "enabled": true,
-      "continueOnError": true,
-      "alwaysRun": false,
-      "displayName": "Download $(PB_LatestVersionFileBlobName) from $(PB_CloudDropAccountName)",
-      "timeoutInMinutes": 0,
-      "condition": "succeeded()",
-      "task": {
-        "id": "c6c4c611-aa2e-4a33-b606-5eaba2196824",
-        "versionSpec": "1.*",
-        "definitionType": "task"
-      },
-      "inputs": {
-        "solution": "$(Build.SourcesDirectory)\\build\\buildpipeline\\security\\syncAzure.proj",
-        "msbuildLocationMethod": "version",
-        "msbuildVersion": "latest",
-        "msbuildArchitecture": "x64",
-        "msbuildLocation": "",
-        "platform": "x64",
-        "configuration": "$(BuildConfiguration)",
-        "msbuildArguments": "/p:AzureAccount=\"$(PB_CloudDropAccountName)\" /p:AzureToken=\"$(PB_CloudDropAccessToken)\" /p:BlobName=\"$(PB_LatestVersionFileBlobName)\" /verbosity:diag",
-        "clean": "false",
-        "maximumCpuCount": "false",
-        "restoreNugetPackages": "false",
-        "logProjectEvents": "false",
-        "createLogFile": "false"
-      }
-    },
     {
       "enabled": true,
       "continueOnError": false,
@@ -256,7 +228,7 @@
       },
       "inputs": {
         "InputType": "CommandLine",
-        "arguments": "analyze security\\*.dll;security\\*.exe --recurse --sympath security\\*.pdb --verbose --statistics",
+        "arguments": "analyze $(Build.SourcesDirectory)\\security\\*.dll $(Build.SourcesDirectory)\\security\\*.exe --recurse --sympath $(Build.SourcesDirectory)\\security\\*.pdb --verbose --statistics",
         "Function": "analyze",
         "AnalyzeTarget": "$(Build.ArtifactStagingDirectory)",
         "AnalyzeSymPath": "",
@@ -312,7 +284,7 @@
       "enabled": true,
       "continueOnError": false,
       "alwaysRun": false,
-      "displayName": "git checkout CLI at SHA listed in $(PB_LatestVersionFileBlobName)",
+      "displayName": "git checkout CLI at SHA listed in latest.version",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -323,9 +295,9 @@
       "inputs": {
         "scriptType": "inlineScript",
         "scriptName": "",
-        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\" -git \"$(PB_Git)\" -fileName \"$(PB_LatestVersionFileBlobName)\"",
+        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\" -git \"$(PB_Git)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir, $git, $fileName)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$shaFile= Join-Path \"$SrcDir\\core-setup\\packages\\AzureTransfer\" \"latest.version\"\n$sha = gc \"$shaFile\" -first 1\n\nif ([string]::IsNullOrWhiteSpace($sha))\n{ Write-Error \"Unable to determine latest commit SHA.\" }\n\nStart-Process \"$git\" -ArgumentList \"clean -df\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\n",
+        "inlineScript": "param($SrcDir, $git)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$shaFile= Join-Path \"$secDir\" \"latest.version\"\n$sha = gc \"$shaFile\" -first 1\n\nif ([string]::IsNullOrWhiteSpace($sha))\n{ Write-Error \"Unable to determine latest commit SHA.\" }\n\nStart-Process \"$git\" -ArgumentList \"clean -df\" -Wait -Verbose -ErrorAction Stop\nStart-Process \"$git\" -ArgumentList \"checkout $sha\" -Wait -Verbose -ErrorAction Stop\nWrite-Host \"Checked out at $sha\"\n",
         "failOnStandardError": "true"
       }
     },
diff --git a/build/buildpipeline/security/syncAzure.targets b/build/buildpipeline/security/syncAzure.targets
index 16cc061be0..4cc360a11c 100644
--- a/build/buildpipeline/security/syncAzure.targets
+++ b/build/buildpipeline/security/syncAzure.targets
@@ -17,7 +17,8 @@
 
     <ItemGroup>
       <_OSFilteredBlobNames Include="@(_BlobList)" 
-                        Condition="'$(OSGroup)' == 'Windows_NT' AND ('%(_BlobList.Extension)' == '.zip' OR '%(_BlobList.Extension)' == '.exe')" />
+                        Condition="'$(OSGroup)' == 'Windows_NT' AND 
+                        ('%(_BlobList.Extension)' == '.zip' OR '%(_BlobList.Extension)' == '.exe' OR '%(_BlobList.Extension)' == '.version')" />
     </ItemGroup>
 
     <DownloadFromAzure AccountName="$(AzureAccount)"

From 71220c09fb6c78d4816b49f442a0dd1ef8c46e14 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Mon, 3 Jul 2017 15:31:00 -0500
Subject: [PATCH 32/37] Exclude exe.

---
 build/buildpipeline/security/syncAzure.targets | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/syncAzure.targets b/build/buildpipeline/security/syncAzure.targets
index 4cc360a11c..268da8d6c7 100644
--- a/build/buildpipeline/security/syncAzure.targets
+++ b/build/buildpipeline/security/syncAzure.targets
@@ -16,9 +16,12 @@
     </ListAzureBlobs>
 
     <ItemGroup>
+      <!--<_OSFilteredBlobNames Include="@(_BlobList)" 
+                        Condition="'$(OSGroup)' == 'Windows_NT' AND 
+                        ('%(_BlobList.Extension)' == '.zip' OR '%(_BlobList.Extension)' == '.exe' OR '%(_BlobList.Extension)' == '.version')" />-->
       <_OSFilteredBlobNames Include="@(_BlobList)" 
                         Condition="'$(OSGroup)' == 'Windows_NT' AND 
-                        ('%(_BlobList.Extension)' == '.zip' OR '%(_BlobList.Extension)' == '.exe' OR '%(_BlobList.Extension)' == '.version')" />
+                        ('%(_BlobList.Extension)' == '.zip' OR '%(_BlobList.Extension)' == '.version')" />
     </ItemGroup>
 
     <DownloadFromAzure AccountName="$(AzureAccount)"

From e9ef17109bafa7d533c28acaf89c76a1652ad70a Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Mon, 3 Jul 2017 15:48:09 -0500
Subject: [PATCH 33/37] Identify workaround.

---
 .../security/DotNet-CLI-Security-Windows.json        | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index dbdf85da2c..11e4a8ca12 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -4,7 +4,7 @@
       "enabled": true,
       "continueOnError": false,
       "alwaysRun": false,
-      "displayName": "Clone Core-Setup",
+      "displayName": "Workaround for BuildTools - Clone Core-Setup",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -23,7 +23,7 @@
       "enabled": true,
       "continueOnError": false,
       "alwaysRun": false,
-      "displayName": "Checkout Core-Setup master",
+      "displayName": "Workaround for BuildTools - Checkout Core-Setup master",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -42,7 +42,7 @@
       "enabled": true,
       "continueOnError": false,
       "alwaysRun": false,
-      "displayName": "Run init-tools.cmd",
+      "displayName": "Workaround for BuildTools - Run init-tools.cmd",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -61,7 +61,7 @@
       "enabled": true,
       "continueOnError": true,
       "alwaysRun": false,
-      "displayName": "Delete CLI dir.props",
+      "displayName": "Workaround for BuildTools - Delete CLI dir.props",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {
@@ -145,7 +145,7 @@
         "scriptName": "",
         "arguments": "-SrcDir \"$(Build.SourcesDirectory)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\ngci \"$secDir\\*.zip\" | % {\n$dstDir = Join-Path \"$secDir\" $($_.BaseName)\nExpand-Archive -Path $($_.FullName) -DestinationPath \"$dstDir\" -Force\nRemove-Item $_.FullName -Force\n}\n",
+        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\ngci \"$secDir\\*.zip\" | % {\n$dstDir = Join-Path \"$secDir\" $($_.BaseName)\nExpand-Archive -Path $($_.FullName) -DestinationPath \"$dstDir\" -Force\nWrite-Host \"Expanded: $($_.FullName)\"\nRemove-Item $_.FullName -Force\n}\n",
         "failOnStandardError": "true"
       }
     },
@@ -284,7 +284,7 @@
       "enabled": true,
       "continueOnError": false,
       "alwaysRun": false,
-      "displayName": "git checkout CLI at SHA listed in latest.version",
+      "displayName": "Checkout CLI at SHA listed in latest.version",
       "timeoutInMinutes": 0,
       "condition": "succeeded()",
       "task": {

From 2e44d86f7016ddcbf5deadac646a78e2b039cd71 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Mon, 3 Jul 2017 22:51:17 -0500
Subject: [PATCH 34/37] Remove non-CLI files.

---
 .../security/DotNet-CLI-Security-Windows.json | 30 ++++++++++++++++---
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 11e4a8ca12..81dd836452 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -108,7 +108,7 @@
     },
     {
       "enabled": true,
-      "continueOnError": false,
+      "continueOnError": true,
       "alwaysRun": false,
       "displayName": "Copy downloaded packages to security folder",
       "timeoutInMinutes": 0,
@@ -186,10 +186,32 @@
       "inputs": {
         "scriptType": "inlineScript",
         "scriptName": "",
-        "arguments": "$(Build.SourcesDirectory)",
+        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
         "inlineScript": "param($SrcDir)\n$longPath = New-Object System.Collections.ArrayList\ngci \"$SrcDir\\*\" -recurse | where {!$_.PSIsContainer}  | % {\nif ($($_.FullName.Length) -ge 240)\n{\n$longPath.Add($($_.Directory.FullName)) | Out-Null\n}\n}\n$longPath | % {\nStart-Process \"cmd\" -ArgumentList \"/c rd /S /Q $_\" -Wait\nWrite-Host \"DELETED $_\"\n}\n",
-        "failOnStandardError": "true"
+        "failOnStandardError": "false"
+      }
+    },
+    {
+      "enabled": true,
+      "continueOnError": true,
+      "alwaysRun": false,
+      "displayName": "Remove non-CLI files",
+      "timeoutInMinutes": 0,
+      "condition": "succeeded()",
+      "refName": "PowerShell_22",
+      "task": {
+        "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
+        "versionSpec": "1.*",
+        "definitionType": "task"
+      },
+      "inputs": {
+        "scriptType": "inlineScript",
+        "scriptName": "",
+        "arguments": "-SrcDir \"$(Build.SourcesDirectory)\"",
+        "workingFolder": "$(Build.SourcesDirectory)",
+        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$f=\"dotnet\", \"Microsoft.DotNet.Archive\", \"Microsoft.DotNet.Cli.Sln.Internal\", \"Microsoft.DotNet.Cli.Utils\", \"Microsoft.DotNet.Configurer\", \"Microsoft.DotNet.InternalAbstractions\", \"Microsoft.DotNet.TestFramework\", \"redist\", \"tool_msbuild\", \"tool_nuget\", \"tool_nuget.pdb\"\ngci \"$secDir\" -recurse | where {!$_.PSIsContainer} | % {\n    if ($f -inotcontains $_.BaseName) { \n        Remove-Item $_.FullName\n    }\n}",
+        "failOnStandardError": "false"
       }
     },
     {
@@ -322,7 +344,7 @@
     },
     {
       "enabled": true,
-      "continueOnError": false,
+      "continueOnError": true,
       "alwaysRun": false,
       "displayName": "Delete Core-Setup folder",
       "timeoutInMinutes": 0,

From 520884c7a79b53e89f282aecca9edd92a24ddf2a Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Mon, 3 Jul 2017 23:23:55 -0500
Subject: [PATCH 35/37] Do not delete exe.

---
 .../buildpipeline/security/DotNet-CLI-Security-Windows.json  | 2 +-
 build/buildpipeline/security/syncAzure.targets               | 5 +----
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 81dd836452..db850f19b9 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -210,7 +210,7 @@
         "scriptName": "",
         "arguments": "-SrcDir \"$(Build.SourcesDirectory)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$f=\"dotnet\", \"Microsoft.DotNet.Archive\", \"Microsoft.DotNet.Cli.Sln.Internal\", \"Microsoft.DotNet.Cli.Utils\", \"Microsoft.DotNet.Configurer\", \"Microsoft.DotNet.InternalAbstractions\", \"Microsoft.DotNet.TestFramework\", \"redist\", \"tool_msbuild\", \"tool_nuget\", \"tool_nuget.pdb\"\ngci \"$secDir\" -recurse | where {!$_.PSIsContainer} | % {\n    if ($f -inotcontains $_.BaseName) { \n        Remove-Item $_.FullName\n    }\n}",
+        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$f=\"dotnet\", \"Microsoft.DotNet.Archive\", \"Microsoft.DotNet.Cli.Sln.Internal\", \"Microsoft.DotNet.Cli.Utils\", \"Microsoft.DotNet.Configurer\", \"Microsoft.DotNet.InternalAbstractions\", \"Microsoft.DotNet.TestFramework\", \"redist\", \"tool_msbuild\", \"tool_nuget\", \"tool_nuget.pdb\"\ngci \"$secDir\" -recurse | where {!$_.PSIsContainer} | % {\n$_.FullName\nif ($f -inotcontains $_.BaseName) {\nif ($_.Extension -ine \".exe\") { \nRemove-Item $_.FullName\n}\n}   \n}",
         "failOnStandardError": "false"
       }
     },
diff --git a/build/buildpipeline/security/syncAzure.targets b/build/buildpipeline/security/syncAzure.targets
index 268da8d6c7..4cc360a11c 100644
--- a/build/buildpipeline/security/syncAzure.targets
+++ b/build/buildpipeline/security/syncAzure.targets
@@ -16,12 +16,9 @@
     </ListAzureBlobs>
 
     <ItemGroup>
-      <!--<_OSFilteredBlobNames Include="@(_BlobList)" 
-                        Condition="'$(OSGroup)' == 'Windows_NT' AND 
-                        ('%(_BlobList.Extension)' == '.zip' OR '%(_BlobList.Extension)' == '.exe' OR '%(_BlobList.Extension)' == '.version')" />-->
       <_OSFilteredBlobNames Include="@(_BlobList)" 
                         Condition="'$(OSGroup)' == 'Windows_NT' AND 
-                        ('%(_BlobList.Extension)' == '.zip' OR '%(_BlobList.Extension)' == '.version')" />
+                        ('%(_BlobList.Extension)' == '.zip' OR '%(_BlobList.Extension)' == '.exe' OR '%(_BlobList.Extension)' == '.version')" />
     </ItemGroup>
 
     <DownloadFromAzure AccountName="$(AzureAccount)"

From b8fab166e38629e542c5269f79d50c1a824acb33 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Tue, 4 Jul 2017 15:02:02 -0500
Subject: [PATCH 36/37] Keep latest.version.

---
 build/buildpipeline/security/DotNet-CLI-Security-Windows.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index db850f19b9..90c89a22f3 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -210,7 +210,7 @@
         "scriptName": "",
         "arguments": "-SrcDir \"$(Build.SourcesDirectory)\"",
         "workingFolder": "$(Build.SourcesDirectory)",
-        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$f=\"dotnet\", \"Microsoft.DotNet.Archive\", \"Microsoft.DotNet.Cli.Sln.Internal\", \"Microsoft.DotNet.Cli.Utils\", \"Microsoft.DotNet.Configurer\", \"Microsoft.DotNet.InternalAbstractions\", \"Microsoft.DotNet.TestFramework\", \"redist\", \"tool_msbuild\", \"tool_nuget\", \"tool_nuget.pdb\"\ngci \"$secDir\" -recurse | where {!$_.PSIsContainer} | % {\n$_.FullName\nif ($f -inotcontains $_.BaseName) {\nif ($_.Extension -ine \".exe\") { \nRemove-Item $_.FullName\n}\n}   \n}",
+        "inlineScript": "param($SrcDir)\n$secDir = Join-Path \"$SrcDir\" \"security\"\n$f=\"dotnet\", \"Microsoft.DotNet.Archive\", \"Microsoft.DotNet.Cli.Sln.Internal\", \"Microsoft.DotNet.Cli.Utils\", \"Microsoft.DotNet.Configurer\", \"Microsoft.DotNet.InternalAbstractions\", \"Microsoft.DotNet.TestFramework\"\ngci \"$secDir\" -recurse | where {!$_.PSIsContainer} | % {\nif ($f -inotcontains $_.BaseName) {\nif ($_.Extension -ine \".exe\" -and $_.Name -ine \"latest.version\") { \nRemove-Item $_.FullName\nWrite-Host \"Removed: $($_.FullName)\"\n}}}",
         "failOnStandardError": "false"
       }
     },

From 21e366c172a0236b907f65d3d59fea2d42fc6758 Mon Sep 17 00:00:00 2001
From: Ravi Eda <raeda@microsoft.com>
Date: Wed, 5 Jul 2017 10:33:37 -0500
Subject: [PATCH 37/37] Switch to master.

---
 build/buildpipeline/security/DotNet-CLI-Security-Windows.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
index 90c89a22f3..2198083370 100644
--- a/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
+++ b/build/buildpipeline/security/DotNet-CLI-Security-Windows.json
@@ -677,7 +677,7 @@
     "type": "TfsGit",
     "name": "DotNet-Cli-Trusted",
     "url": "https://devdiv.visualstudio.com/DevDiv/_git/DotNet-Cli-Trusted",
-    "defaultBranch": "refs/heads/sec_ext",
+    "defaultBranch": "refs/heads/master",
     "clean": "true",
     "checkoutSubmodules": false
   },