chore: add TSAUpload step to Custom SDL stage (#231150)

build/azure-pipelines/config/tsaoptions.json

@@ -0,0 +1,12 @@
+{
+	"codebaseName": "devdiv_microsoft_vscode",
+	"serviceTreeID": "79c048b2-322f-4ed5-a1ea-252a1250e4b3",
+	"instanceUrl": "https://devdiv.visualstudio.com/defaultcollection",
+	"projectName": "DevDiv",
+	"areaPath": "DevDiv\\VS Code (compliance tracking only)\\Visual Studio Code Client",
+	"notificationAliases": [
+		"monacotools@microsoft.com"
+	],
+	"validateToolOutput": "None",
+	"allTools": true
+}

build/azure-pipelines/product-build.yml

@@ -174,15 +174,7 @@ extends:
     sdl:
       tsa:
         enabled: true
-        config:
-          codebaseName: 'devdiv_$(Build.Repository.Name)'
-          serviceTreeID: '79c048b2-322f-4ed5-a1ea-252a1250e4b3'
-          instanceUrl: 'https://devdiv.visualstudio.com/defaultcollection'
-          projectName: 'DevDiv'
-          areaPath: "DevDiv\\VS Code (compliance tracking only)\\Visual Studio Code Client"
-          notificationAliases: ['monacotools@microsoft.com']
-          validateToolOutput: None
-          allTools: true
+        configFile: $(Build.SourcesDirectory)/build/azure-pipelines/config/tsaoptions.json
       codeql:
         runSourceLanguagesInSourceAnalysis: true
         compiled:

build/azure-pipelines/win32/sdl-scan-win32.yml

@@ -160,3 +160,11 @@ steps:
       ArtifactType: Container
       PublishProcessedResults: false
       AllTools: true
+
+  # TSA Upload
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@2
+    displayName: TSA Upload
+    continueOnError: true
+    inputs:
+      GdnPublishTsaOnboard: true
+      GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)/build/azure-pipelines/config/tsaoptions.json'