Merge pull request #7027 from dotnet/dev/bozturk/enable-policheck

Enable policheck

.vsts-ci.yml

@@ -22,6 +22,7 @@ variables:
 - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
   - group: DotNet-DotNetCli-Storage
   - group: DotNet-Blob-Feed
+  - group: DotNet-Installer-SDLValidation-Params
   - name: _PublishUsingPipelines
     value: true
 
@@ -223,6 +224,18 @@ stages:
       # This repo doesn't produce any signed packages.
       enableSigningValidation: false
       publishInstallersAndChecksums: true
+      SDLValidationParameters:
+        enable: true
+        params: ' -SourceToolsList @("policheck","credscan")
+        -TsaInstanceURL $(_TsaInstanceURL)
+        -TsaProjectName $(_TsaProjectName)
+        -TsaNotificationEmail $(_TsaNotificationEmail)
+        -TsaCodebaseAdmin $(_TsaCodebaseAdmin)
+        -TsaBugAreaPath $(_TsaBugAreaPath)
+        -TsaIterationPath $(_TsaIterationPath)
+        -TsaRepositoryName "dotnet-installer"
+        -TsaCodebaseName "dotnet-installer"
+        -TsaPublish $True'
 
 - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), not(contains(variables['Build.SourceBranch'], 'refs/heads/internal/'))) }}:
   - stage: copy_to_latest