[release/3.1] Move SDL validation to ringed release

.azure/pipelines/ci.yml

@@ -73,8 +73,6 @@ variables:
              /p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines)
              /p:DotNetArtifactsCategory=$(_DotNetArtifactsCategory)
 
-    # used for post-build phases, internal builds only
-    - group: DotNet-AspNet-SDLValidation-Params
   - ${{ if in(variables['Build.Reason'], 'PullRequest') }}:
     - name: _BuildArgs
       value: ''
@@ -714,18 +712,3 @@ stages:
       # See https://github.com/dotnet/arcade/issues/2871
       enableSymbolValidation: false
       publishInstallersAndChecksums: true
-      # This is to enable SDL runs part of Post-Build Validation Stage
-      SDLValidationParameters:
-        enable: false
-        continueOnError: false
-        params: ' -SourceToolsList @("policheck","credscan")
-        -TsaInstanceURL $(_TsaInstanceURL)
-        -TsaProjectName $(_TsaProjectName)
-        -TsaNotificationEmail $(_TsaNotificationEmail)
-        -TsaCodebaseAdmin $(_TsaCodebaseAdmin)
-        -TsaBugAreaPath $(_TsaBugAreaPath)
-        -TsaIterationPath $(_TsaIterationPath)
-        -TsaRepositoryName "AspNetCore"
-        -TsaCodebaseName "AspNetCore"
-        -TsaPublish $True
-        -PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")'

eng/sdl-tsa-vars.config

@@ -0,0 +1,12 @@
+-SourceToolsList @("policheck","credscan")
+-TsaInstanceURL https://devdiv.visualstudio.com/
+-TsaProjectName DEVDIV
+-TsaNotificationEmail [email protected]
+-TsaCodebaseAdmin REDMOND\kevinpi
+-TsaBugAreaPath "DevDiv\ASP.NET Core"
+-TsaIterationPath DevDiv
+-TsaRepositoryName AspNetCore
+-TsaCodebaseName AspNetCore
+-TsaOnboard $True
+-TsaPublish $True
+-PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")