[ci] Update tasks in code check job (#603)

.ci/build.yml

@@ -40,6 +40,7 @@ parameters:
   namesFilter: ''                                           # [manifest, directories] the names of the items to build
   targetsFilter: 'ci'                                       # [manifest, directories] the targets of the items to build
   runCodeQL: 'false'
+  tsaOptionsPath: '$(Build.SourcesDirectory)/.ci/tsaoptions.json'
 
 jobs:
   - job: ${{ parameters.name }}
@@ -50,7 +51,7 @@ jobs:
     variables:
       Codeql.Enabled: ${{ parameters.runCodeQL }}
       Codeql.TSAEnabled: true
-      Codeql.TSAOptionsPath: '.ci/tsaoptions.json'
+      Codeql.TSAOptionsPath: ${{ parameters.tsaOptionsPath }}
     pool:
       vmImage: ${{ parameters.macosImage }}
     steps:
@@ -333,7 +334,7 @@ jobs:
   - ${{ if and(eq(parameters.runChecks, 'true'), eq(variables['System.TeamProject'], 'devdiv')) }}:
     - job: ${{ parameters.name }}_checks
       displayName: 'Run required code checks'
-      condition: eq('refs/heads/${{ parameters.masterBranchName }}', variables['Build.SourceBranch'])
+      condition: or(eq('refs/heads/${{ parameters.masterBranchName }}', variables['Build.SourceBranch']), eq('refs/heads/update-codecheck-tasks', variables['Build.SourceBranch']))
       pool:
         name: 'Hosted Windows 2019 with VS2019'
       steps:
@@ -344,55 +345,44 @@ jobs:
             $CODEBASE_NAME = $repo + "_" + $branch
             echo "Using codebase: $CODEBASE_NAME"
             Write-Host "##vso[task.setvariable variable=CODEBASE_NAME]$CODEBASE_NAME"
-        - task: CredScan@2
+        - task: CredScan@3
           displayName: 'Analyze source for credentials'
+        - task: PoliCheck@2
           inputs:
-            toolMajorVersion: 'V2'
-        - task: PoliCheck@1
-          inputs:
-            inputType: 'Basic'
-            targetType: 'F'
-        - task: SdtReport@1
+            targetType: F
+            targetArgument: '$(Build.SourcesDirectory)'
+        - task: SdtReport@2
           displayName: 'Create security analysis report'
           inputs:
-            AllTools: false
-            APIScan: false
-            BinSkim: false
-            CodesignValidation: false
-            CredScan: true
-            FortifySCA: false
-            FxCop: false
-            ModernCop: false
-            MSRD: false
-            PoliCheck: true
-            RoslynAnalyzers: false
-            SDLNativeRules: false
-            Semmle: false
-            TSLint: false
-            ToolLogsNotFoundAction: 'Standard'
+            GdnExportAllTools: false
+            GdnExportGdnToolApiScan: false
+            GdnExportGdnToolArmory: false
+            GdnExportGdnToolBandit: false
+            GdnExportGdnToolBinSkim: false
+            GdnExportGdnToolCodesignValidation: false
+            GdnExportGdnToolCredScan: true
+            GdnExportGdnToolCredScanSeverity: 'Default'
+            GdnExportGdnToolCSRF: false
+            GdnExportGdnToolDetekt: false
+            GdnExportGdnToolESLint: false
+            GdnExportGdnToolFlawfinder: false
+            GdnExportGdnToolFortifySca: false
+            GdnExportGdnToolFxCop: false
+            GdnExportGdnToolGosec: false
+            GdnExportGdnToolModernCop: false
+            GdnExportGdnToolPoliCheck: true
+            GdnExportGdnToolPoliCheckSeverity: 'Default'
+            GdnExportGdnToolRoslynAnalyzers: false
+            GdnExportGdnToolPSScriptAnalyzer: false
+            GdnExportGdnToolSDLNativeRules: false
+            GdnExportGdnToolSemmle: false
+            GdnExportGdnToolSpotBugs: false
+            GdnExportGdnToolTSLint: false
         - task: PublishSecurityAnalysisLogs@3
           displayName: 'Publish security analysis logs'
-        - task: TSAUpload@1
+        - task: TSAUpload@2
           continueOnError: true
           inputs:
-            tsaVersion: 'TsaV2'
-            codebase: 'NewOrUpdate'
-            tsaEnvironment: 'PROD'
-            codeBaseName: '$(CODEBASE_NAME)'
-            notificationAlias: 'xamacomd@microsoft.com'
-            notifyAlwaysV2: false
-            instanceUrlForTsaV2: 'DEVDIV'
-            projectNameDEVDIV: 'DevDiv'
-            areaPath: '${{ parameters.areaPath }}'
-            iterationPath: 'DevDiv\Future Backlog'
-            uploadAPIScan: false
-            uploadBinSkim: false
-            uploadCredScan: true
-            uploadFortifySCA: false
-            uploadFxCop: false
-            uploadModernCop: false
-            uploadPoliCheck: true
-            uploadPREfast: false
-            uploadRoslyn: false
-            uploadTSLint: false
-            uploadAsync: true
+            GdnPublishTsaOnboard: true
+            GdnPublishTsaConfigFile: ${{ parameters.tsaOptionsPath }}
+            GdnPublishTsaExportedResultsPublishable: true

.ci/tsaoptions.json

@@ -1,5 +1,5 @@
 {
-    "codebaseName": "xamarin_GoogleApisForiOSComponents",
+    "codebaseName": "GoogleApisForiOSComponents_main",
     "notificationAliases": [
         "xamacomd@microsoft.com"
     ],
@@ -10,5 +10,8 @@
     "projectName": "DevDiv",
     "areaPath": "DevDiv\\VS Client - Runtime SDKs\\[Archived] Components",
     "iterationPath": "DevDiv\\Future Backlog",
-    "allTools": true
+    "tools": [
+        "CredScan",
+        "PoliCheck"
+    ]
 }