Add tsaconfig to enable compliance tooling (#358)

* tsaconfig * tsaconfig * new way * Update azure-pipelines.yml
dotnet · Jul 22, 2024 · 0ad5779 · 0ad5779
1 parent 4dad29a
commit 0ad5779
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 0 deletions.
diff --git a/.config/CredScanSuppressions.json b/.config/CredScanSuppressions.json
@@ -0,0 +1 @@
+{}
diff --git a/.config/PoliCheckExclusions.xml b/.config/PoliCheckExclusions.xml
@@ -0,0 +1,3 @@
+<PoliCheckExclusions>
+
+</PoliCheckExclusions>
diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json
@@ -0,0 +1,10 @@
+{
+    "instanceUrl": "https://devdiv.visualstudio.com/",
+    "template": "TFSDEVDIV",
+    "projectName": "DEVDIV",
+    "areaPath": "DevDiv\\ASP.NET Core\\Policy Violations",
+    "iterationPath": "DevDiv",
+    "notificationAliases": [ "aspnetcore-build@microsoft.com" ],
+    "repositoryName": "aspire-samples",
+    "codebaseName": "aspire-samples"
+}
diff --git a/build/azure-pipelines.yml b/build/azure-pipelines.yml
@@ -30,9 +30,14 @@ extends:
           image: 1es-windows-2022
           os: windows
     sdl:
+      policheck:
+        enabled: true
+        exclusionsFile: $(Build.SourcesDirectory)\.config\PoliCheckExclusions.xml
       sbom:
        # opting-out of SBOM generation as we don't produce artifacts
         enabled: false
+      tsa:
+        enabled: true        
 
     stages:
     - stage: build