From f9bbffcb77d00d5129bf03d29f927f96607e48ff Mon Sep 17 00:00:00 2001
From: Joey Robichaud <jorobich@microsoft.com>
Date: Thu, 9 Apr 2020 16:56:58 -0700
Subject: [PATCH] Enable SDL Validation in official builds

---
 azure-pipelines-official.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/azure-pipelines-official.yml b/azure-pipelines-official.yml
index 892e503970420..a158543796d75 100644
--- a/azure-pipelines-official.yml
+++ b/azure-pipelines-official.yml
@@ -18,6 +18,7 @@ variables:
     value: .NETCore
   - name: _DotNetValidationArtifactsCategory
     value: .NETCoreValidation
+  - group: DotNet-Roslyn-SDLValidation-Params
 
 stages:
 - stage: build
@@ -291,3 +292,17 @@ stages:
       enableSourceLinkValidation: false
       validateDependsOn:
         - SetValidateDependency
+      # Enable SDL validation, passing through values from the 'DotNet-Roslyn-SDLValidation-Params' group.
+      SDLValidationParameters:
+        enable: true
+        params: >-
+          -SourceToolsList @("policheck","credscan")
+          -TsaInstanceURL $(_TsaInstanceURL)
+          -TsaProjectName $(_TsaProjectName)
+          -TsaNotificationEmail $(_TsaNotificationEmail)
+          -TsaCodebaseAdmin $(_TsaCodebaseAdmin)
+          -TsaBugAreaPath $(_TsaBugAreaPath)
+          -TsaIterationPath $(_TsaIterationPath)
+          -TsaRepositoryName $(_TsaRepositoryName)
+          -TsaCodebaseName $(_TsaCodebaseName)
+          -TsaPublish $True
\ No newline at end of file