Add TSAUpload for APIScan (#18446)

2024-11-26 19:34:22 +08:00 · 2022-11-02 15:58:18 -07:00 · 2022-11-02 15:58:18 -07:00 · 753a252363
commit 753a252363
parent 38531558ac
4 changed files with 25 additions and 15 deletions
--- a/tools/guardian/tsaconfig-apiscan.json
+++ b/tools/guardian/tsaconfig-apiscan.json
@ -0,0 +1,6 @@
+{
+  "codebaseName": "PowerShellCore_201906",
+  "tools": [
+      "APIScan"
+  ]
+}
--- a/tools/guardian/tsaconfig-others.json
+++ b/tools/guardian/tsaconfig-others.json
@ -0,0 +1,7 @@
+{
+  "codebaseName": "PowerShellCore_201906",
+  "tools": [
+      "CredScan",
+      "PoliCheck"
+  ]
+}
--- a/tools/releaseBuild/azureDevOps/templates/compliance/apiscan.yml
+++ b/tools/releaseBuild/azureDevOps/templates/compliance/apiscan.yml
@ -121,6 +121,12 @@ jobs:
        GdnExportGdnToolApiScan: true
        #this didn't do anything GdnExportCustomLogsFolder: '$(Build.ArtifactStagingDirectory)/Guardian'

+    - task: TSAUpload@2
+      displayName: 'TSA upload'
+      inputs:
+        GdnPublishTsaOnboard: false
+        GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)\tools\guardian\tsaconfig-APIScan.json'
+
    - pwsh: |
        Get-ChildItem -Path env:
      displayName: Capture Environment
--- a/tools/releaseBuild/azureDevOps/templates/compliance/compliance.yml
+++ b/tools/releaseBuild/azureDevOps/templates/compliance/compliance.yml
@ -35,7 +35,7 @@ jobs:
      debugMode: false
    continueOnError: true

-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@2
    displayName: 'Run PoliCheck'
    inputs:
      # targetType F means file or folder and is the only applicable value and the default
@ -54,24 +54,15 @@ jobs:
      optionsUEPath: $(Build.SourcesDirectory)\tools\terms\TermsExclusion.xml
    continueOnError: true

-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
    displayName: 'Publish Security Analysis Logs to Build Artifacts'
    continueOnError: true

-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@1
-    displayName: 'TSA upload to Codebase: PowerShellCore_201906'
+  - task: TSAUpload@2
+    displayName: 'TSA upload'
    inputs:
-      tsaVersion: TsaV2
-      codeBaseName: 'PowerShellCore_201906'
-      uploadFortifySCA: false
-      uploadFxCop: false
-      uploadModernCop: false
-      uploadPREfast: false
-      uploadRoslyn: false
-      uploadTSLint: false
-      uploadCredScan: true
-      uploadPoliCheck: true
-      uploadBinSkim: false
+      GdnPublishTsaOnboard: false
+      GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)\tools\guardian\tsaconfig-others.json'

  - task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@1
    displayName: 'Create Security Analysis Report'