Sunday, November 17, 2024

How to Configure GitHub Advanced Security for Azure DevOps | How to Perform Security scan for Azure Repos using GitHub Advanced Security

GitHub Advanced Security for Azure DevOps brings the secret scanning, dependency scanning and CodeQL code scanning solutions already available for GitHub users and natively integrates them into Azure DevOps to protect your Azure Repos and Pipelines. 


Pre-requisites:

How to Set up dependency scanning?

Dependency scanning is a pipeline-based scanning tool. Results are aggregated per repository. It's recommended that you add the dependency scanning task to all the pipelines you'd like to be scanned.

Add the task Advanced Security Dependency Scanning task (AdvancedSecurity-Dependency-Scanning@1) directly to your YAML pipeline file or select the Advanced Security Dependency Scanning task from the task assistant.

How to Set up code scanning

Code scanning is also a pipeline-based scanning tool where results are aggregated per repository.

Add the tasks in the following order:

  1. Advanced Security Initialize CodeQL (AdvancedSecurity-Codeql-Init@1)
  2. Your custom build steps
  3. Advanced Security Perform CodeQL Analysis (AdvancedSecurity-Codeql-Analyze@1)

Pipeline YAML Code for scanning Java code using GitHub Advanced Security


trigger:
- main

resources:
- repo: self

variables:
tag: '$(Build.BuildId)'

stages:
- stage: Build
displayName: Build image
jobs:
- job: Build
displayName: Build
pool:
vmImage: ubuntu-latest
steps:
- task: AdvancedSecurity-Codeql-Init@1
inputs:
languages: 'java'
- task: Maven@4
inputs:
mavenPomFile: 'pom.xml'
goals: 'install'
publishJUnitResults: true
testResultsFiles: '**/surefire-reports/TEST-*.xml'
javaHomeOption: 'JDKVersion'
mavenVersionOption: 'Default'
mavenAuthenticateFeed: false
effectivePomSkip: false
sonarQubeRunAnalysis: false
- task: AdvancedSecurity-Dependency-Scanning@1
- task: AdvancedSecurity-Codeql-Analyze@1

Where to see the Scan resule in Azure DevOps?




No comments:

Post a Comment

DevSecOps Bootcamp Dec 2024 Schedule | DevSecOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes

Lot of new topics covered like GitHub Actions, GitHub Advanced Security, Helm, Prometheus and Grafana..) The DevOps requirements in the IT m...