Merge pull request #307 from dotnet/marcpopMSFT-enablesdl

Enable default SDL checks on build
dotnet · Sep 17, 2024 · 0d48c70 · 0d48c70
2 parents 91ba9e0 + e1be55f
commit 0d48c70
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 24 deletions.
diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json
@@ -0,0 +1,10 @@
+{
+    "instanceUrl": "https://devdiv.visualstudio.com/",
+    "template": "TFSDEVDIV",
+    "projectName": "DEVDIV",
+    "areaPath": "DevDiv\\NET Tools\\SDK",
+    "iterationPath": "DevDiv",
+    "notificationAliases": [ "dotnetdevexcli@microsoft.com" ],
+    "repositoryName": "cli-lab",
+    "codebaseName": "cli-lab"
+}
diff --git a/.vsts-ci.yml b/.vsts-ci.yml
@@ -25,6 +25,13 @@ resources:
 extends:
   template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
   parameters:
+    sdl:
+      policheck:
+        enabled: true
+      tsa:
+        enabled: true
+      binskim:
+        analyzeTargetGlob: $(Build.SourcesDirectory)/artifacts/bin/**.dll;$(Build.SourcesDirectory)/artifacts/bin/**.exe;
     pool:
       name: $(DncEngInternalBuildPool)
       image: 1es-windows-2022
@@ -152,27 +159,3 @@ extends:
                 publishLocation: 'Container'
                 parallel: true
 
-    - ${{ if eq(variables._RunAsInternal, True) }}:
-      - template: eng\common\templates-official\post-build\post-build.yml@self
-        parameters:
-          publishingInfraVersion: 3
-          # signing validation will not run, even if the below value is 'true', if the 'PostBuildSign' variable is set to 'true'
-          enableSigningValidation: false      
-          enableSourceLinkValidation: false
-          publishDependsOn:
-          - build
-          # This is to enable SDL runs part of Post-Build Validation Stage
-          SDLValidationParameters:
-            enable: true
-            continueOnError: false
-            params: ' -SourceToolsList @("policheck","credscan")
-            -TsaInstanceURL $(_TsaInstanceURL)
-            -TsaProjectName $(_TsaProjectName)
-            -TsaNotificationEmail $(_TsaNotificationEmail)
-            -TsaCodebaseAdmin $(_TsaCodebaseAdmin)
-            -TsaBugAreaPath $(_TsaBugAreaPath)
-            -TsaIterationPath $(_TsaIterationPath)
-            -TsaRepositoryName "cli-lab"
-            -TsaCodebaseName "cli-lab"
-            -TsaPublish $True
-            -PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")'