Merge pull request #16673 from aspnet/SDL

Enable SDL validation in rel/3.1
2019-10-30 16:56:51 -07:00 · 2019-10-30 16:56:51 -07:00 · 11a84e25b4
parent 8669ce3f69 9f903018d7
commit 11a84e25b4
1 changed files with 18 additions and 1 deletions
--- a/.azure/pipelines/ci.yml
+++ b/.azure/pipelines/ci.yml
@ -65,7 +65,10 @@ variables:
      valule: test
    - name: _PublishArgs
      value: ''
-
+  # used for post-build phases, internal builds only
+  - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
+    - group: DotNet-AspNet-SDLValidation-Params
+    
 stages:
 - stage: build
  displayName: Build
@ -634,3 +637,17 @@ stages:
      enableSymbolValidation: false
      enableSigningValidation: false
      publishInstallersAndChecksums: true
+      # This is to enable SDL runs part of Post-Build Validation Stage
+      SDLValidationParameters:
+        enable: true
+        continueOnError: false
+        params: ' -SourceToolsList @("policheck","credscan")
+        -TsaInstanceURL $(_TsaInstanceURL)
+        -TsaProjectName $(_TsaProjectName)
+        -TsaNotificationEmail $(_TsaNotificationEmail)
+        -TsaCodebaseAdmin $(_TsaCodebaseAdmin)
+        -TsaBugAreaPath $(_TsaBugAreaPath)
+        -TsaIterationPath $(_TsaIterationPath)
+        -TsaRepositoryName "AspNetCore"
+        -TsaCodebaseName "AspNetCore"
+        -TsaPublish $True'