Apply codeql (#8072)

* apply codeql

* fix spelling check

.github/actions/spelling/expect.txt

@@ -91,6 +91,7 @@ cobertura
 codebase
 codeblock
 codepen
+Codeql
 Coderange
 codesnippet
 colgroup

azure-pipelines-lgtm.yml

@@ -11,114 +11,21 @@ trigger:
 pr: none
 
 variables:
-- name: dotnetVersion
-  value: 6.0.x
-- name: runCodesignValidationInjection
-  value: false
-- name: NugetSecurityAnalysisWarningLevel
-  value: none
-- name: LGTM.SnapshotIdentifiers
-  value: Build=Full
-- name: LGTM.SnapshotMetadata
-  value: Owner=OPSBuild
-- name: LGTM.UploadSnapshot
-  value: true
-- name: Semmle.SkipAnalysis
-  value: true
-
-jobs:
-
-# Test and deploy on windows
-- job: SecurityChecks
-  timeoutInMinutes: 360
-  pool:
-    vmImage: 'windows-latest'
-  steps:
-
-  # Install .NET Core sdk
-  - task: UseDotNet@2
-    displayName: 'Install .NET Core sdk $(dotnetVersion)'
-    inputs:
-      packageType: sdk
-      version: $(dotnetVersion)
-
-  - task: UseDotNet@2
-    displayName: 'Install .NET Core sdk 3.1 for LGTM'
-    inputs:
-      packageType: sdk
-      version: 3.1.404
-  - task: DotNetCoreCLI@2
-    displayName: dotnet build -c Release
-    inputs:
-      command: 'build'
-      arguments: '-c Release'
-
-  # Run CredScan
-  - task: CredScan@2
-    displayName: Security - CredScan
-    inputs:
-      toolMajorVersion: 'V2'
-
-  # Run SDL tools
-  - task: BinSkim@3
-    displayName: Security - BinSkim
-    inputs:
-      InputType: 'Basic'
-      Function: 'analyze'
-      AnalyzeTarget: >
-        src/docfx/bin/Release/net6.0/docfx.dll;
-        src/docfx/bin/Release/net6.0/Microsoft.Docs.MarkdigExtensions.dll;
-        src/docfx/bin/Release/net6.0/Microsoft.Docs.Build.Specialized.dll;
-
-  - task: Semmle@0
-    displayName: Security - LGTM
-    env: 
-      SYSTEM_ACCESSTOKEN: $(System.AccessToken)
-    inputs:
-      toolVersion: 'LatestPreRelease'
-      sourceCodeDirectory: '$(Build.SourcesDirectory)'
-      language: 'csharp'
-      cleanupBuildCommands: 'dotnet clean'
-      buildCommands: 'dotnet build'
-      querySuite: 'Required'
-      timeout: '7200'
-      ram: '16384'
-      addProjectDirToScanningExclusionList: true
-
-  - task: SdtReport@1
-    displayName: Security - SdtReport
-    inputs:
-      Semmle: true
-      CredScan: true
-      BinSkim: true
-      ToolLogsNotFoundAction: 'Standard'
-
-  - task: PublishSecurityAnalysisLogs@2
-    displayName: Security - Publish Scan Results
-    inputs:
-      ArtifactName: 'CodeAnalysisLogs'
-      ArtifactType: 'Container'
-      AllTools: true
-      ToolLogsNotFoundAction: 'Standard'
-
-  - task: TSAUpload@1
-    inputs:
-      tsaVersion: 'TsaV2'
-      codebase: 'NewOrUpdate'
-      tsaEnvironment: 'PROD'
-      codeBaseName: 'Docs_default'
-      areaPath: 'One\\DeveloperRelations'
-      iterationPath: 'One\\Custom\\_Default'
-      instanceUrlForTsaV2: MSAZURE
-      projectNameMSAZURE: One
-      uploadBinSkim: true
-      uploadCredScan: true
-      uploadAsync: true
-
-  - task: PostAnalysis@1
-    displayName: Security - PostAnalysis
-    inputs:
-      Semmle: true
-      CredScan: true
-      BinSkim: true
-      ToolLogsNotFoundAction: 'Standard'
+  Codeql.Enabled: true
+
+pool:
+  vmImage: 'windows-2019'
+
+steps:
+- task: UseDotNet@2
+  displayName: 'Install .NET Core sdk 6.0'
+  inputs:
+    packageType: sdk
+    version: 6.0.x
+
+- task: DotNetCoreCLI@2
+  displayName: Dotnet build
+  inputs:
+    command: 'build'
+    projects: '**\*.csproj'
+    arguments: '-c Release'