From 0cc4c204eb200287c7c36e9565c659a683c41838 Mon Sep 17 00:00:00 2001
From: phil-allen-msft <phillipa@microsoft.com>
Date: Mon, 17 Mar 2025 20:52:21 -0700
Subject: [PATCH 1/3] Update TSA Settings

---
 azure-pipelines-official.yml |  5 +++++
 eng/TSAConfig.gdntsa         | 10 ++++------
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/azure-pipelines-official.yml b/azure-pipelines-official.yml
index b11fa8dc546..6262d4d6f33 100644
--- a/azure-pipelines-official.yml
+++ b/azure-pipelines-official.yml
@@ -84,6 +84,11 @@ extends:
         name: NetCore1ESPool-Svc-Internal
         image: 1es-windows-2022
         os: windows
+      policheck:
+        enabled: true
+      tsa:
+        enabled: true
+        configFile: '$(Build.SourcesDirectory)/eng/TSAConfig.gdntsa'
       sbom:
         enabled: false
     pool:
diff --git a/eng/TSAConfig.gdntsa b/eng/TSAConfig.gdntsa
index 5ab3f1d96d1..d40718db245 100644
--- a/eng/TSAConfig.gdntsa
+++ b/eng/TSAConfig.gdntsa
@@ -4,14 +4,12 @@
         "CoreRazorTooling@microsoft.com"
     ],
     "codebaseAdmins": [
-        "REDMOND\\manishj",
-        "REDMOND\\vaagrawa"
+        "REDMOND\\jaredpar",
+        "REDMOND\\phillipa"
     ],
     "instanceUrl": "https://devdiv.visualstudio.com",
     "projectName": "DevDiv",
-    "areaPath": "DevDiv\\NET Developer Experience\\Productivity\\Razor Tooling",
+    "areaPath": "DevDiv\\NET Developer Experience\\Razor Tooling",
     "iterationPath": "DevDiv",
-    "tools": [
-        "APIScan"
-    ]
+    "allTools": true
 }
\ No newline at end of file

From 7a2d9bded7c59fcf27b3ba93a493df3e646e2b16 Mon Sep 17 00:00:00 2001
From: phil-allen-msft <phillipa@microsoft.com>
Date: Mon, 17 Mar 2025 20:54:22 -0700
Subject: [PATCH 2/3] Add binskim

---
 azure-pipelines-official.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/azure-pipelines-official.yml b/azure-pipelines-official.yml
index 6262d4d6f33..49c1e86c38c 100644
--- a/azure-pipelines-official.yml
+++ b/azure-pipelines-official.yml
@@ -84,6 +84,8 @@ extends:
         name: NetCore1ESPool-Svc-Internal
         image: 1es-windows-2022
         os: windows
+      binskim:
+        enabled: true
       policheck:
         enabled: true
       tsa:

From 852d63cf52ea617bc9ddac7763b7d3fd9469b7cf Mon Sep 17 00:00:00 2001
From: Phil Allen <phillipa@microsoft.com>
Date: Mon, 24 Mar 2025 11:30:06 -0700
Subject: [PATCH 3/3] Remove explicit binskim configuration from pipeline

Since it is on by default
---
 azure-pipelines-official.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/azure-pipelines-official.yml b/azure-pipelines-official.yml
index 49c1e86c38c..08e1f68484a 100644
--- a/azure-pipelines-official.yml
+++ b/azure-pipelines-official.yml
@@ -1,4 +1,4 @@
-#
+#
 # See https://docs.microsoft.com/azure/devops/pipelines/yaml-schema for reference.
 #
 
@@ -84,8 +84,6 @@ extends:
         name: NetCore1ESPool-Svc-Internal
         image: 1es-windows-2022
         os: windows
-      binskim:
-        enabled: true
       policheck:
         enabled: true
       tsa: