GitHub Advanced Security for Azure DevOps brings the secret scanning, dependency scanning and CodeQL code scanning solutions already available for GitHub users and natively integrates them into Azure DevOps to protect your Azure Repos and Pipelines.
Pre-requisites:
- Azure DevOps account
- Enable GitHub Advanced Security billing in Azure DevOps (ADO)
- Application code to scan; I am using a Java project
How to Set up dependency scanning?
Dependency scanning is a pipeline-based scanning tool. Results are aggregated per repository. It's recommended that you add the dependency scanning task to all the pipelines you'd like to be scanned.
Add the Advanced Security Dependency Scanning task (AdvancedSecurity-Dependency-Scanning@1) directly to your YAML pipeline file, or select it from the task assistant.
How to Set up code scanning?
Code scanning is also a pipeline-based scanning tool where results are aggregated per repository.
Add the tasks in the following order:
- Advanced Security Initialize CodeQL (AdvancedSecurity-Codeql-Init@1)
- Your custom build steps
- Advanced Security Perform CodeQL Analysis (AdvancedSecurity-Codeql-Analyze@1)
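Putting the dependency scanning task and the three-step CodeQL sequence above into a single pipeline, here is an added example YAML file (not taken from the original post or from Microsoft's documentation) for a Maven-based Java project. It assumes a pom.xml at the repository root, that Advanced Security is already enabled for the repo, and that AdvancedSecurity-Codeql-Init@1 accepts the `languages` and `querysuite` inputs shown; verify those against the task reference for your task version.

```yaml
# Added example (not from the original post): one Azure Pipelines YAML
# file that runs both CodeQL code scanning and dependency scanning for a
# Java project built with Maven.
# Assumptions: pom.xml sits at the repo root, Advanced Security is enabled
# for this repository, and the 'languages' / 'querysuite' inputs are
# accepted by AdvancedSecurity-Codeql-Init@1.
trigger:
  - main

pool:
  vmImage: 'ubuntu-latest'

steps:
  # 1. CodeQL must be initialised BEFORE the build so it can trace the
  #    compilation and build its database of the Java code.
  - task: AdvancedSecurity-Codeql-Init@1
    displayName: 'Advanced Security Initialize CodeQL'
    inputs:
      languages: 'java'
      querysuite: 'security-extended'   # assumption: broader query set than default

  # 2. Your custom build steps go between Init and Analyze.
  - task: Maven@4
    displayName: 'Build with Maven'
    inputs:
      mavenPomFile: 'pom.xml'
      goals: 'package'
      options: '-DskipTests'

  # 3. Analyze runs the queries against the database built during the
  #    compilation above; results are aggregated per repository.
  - task: AdvancedSecurity-Codeql-Analyze@1
    displayName: 'Advanced Security Perform CodeQL Analysis'

  # Dependency scanning is independent of the CodeQL steps. Running it after
  # the build lets it see the dependencies Maven actually resolved.
  - task: AdvancedSecurity-Dependency-Scanning@1
    displayName: 'Advanced Security Dependency Scanning'
```

If the Init task is placed after the build step, CodeQL has no compilation to observe and the Analyze step produces no Java results, so keep the order shown.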