[CI] Ignore false positives from policheck and other tools. (xamarin#…

…18547)

mk/xamarin.mk

@@ -7,7 +7,7 @@ MONO_BRANCH    := $(shell cd $(MONO_PATH) 2> /dev/null && git symbolic-ref --sho
 endif
 
 ifdef ENABLE_XAMARIN
-NEEDED_MACCORE_VERSION := a4c51d4c1d39afd69e26f2ad659b51a151015466
+NEEDED_MACCORE_VERSION := fd15821e6780a7439df467c69eb511a046adfa06
 NEEDED_MACCORE_BRANCH := main
 
 MACCORE_DIRECTORY := maccore

tools/devops/automation/templates/governance-checks.yml

@@ -76,10 +76,20 @@ steps:
   condition: always()
 
 - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
-  displayName: 'Post Analysis'
+  displayName: Break on compliance issues
   inputs:
-    CredScan: true
-    PoliCheck: true
+    GdnBreakAllTools: true
+    GdnBreakSuppressionFiles: $(Build.SourcesDirectory)\maccore\tools\devops\falsepositives.gdnsuppress
+    GdnBreakSuppressionSets: falsepositives
+    GdnBreakOutputSuppressionFile: $(Build.ArtifactStagingDirectory)\GuardianSuppressions\falsepositives.gdnsuppress
+    GdnBreakOutputSuppressionSet: falsepositives
+
+- task: PublishBuildArtifacts@1
+  displayName: Publish Artifact for Guardian Supressions
+  inputs:
+    PathtoPublish: $(Build.ArtifactStagingDirectory)\GuardianSuppressions
+    ArtifactName: Guardian Suppressions
+  condition: failed()
 
 - task: WhiteSource Bolt@20
   displayName: "WhiteSource Bolt analysis"