security-devops-action
Microsoft Security DevOps for GitHub Actions.
Could the [Microsoft.Security.DevOps.CLI](https://www.nuget.org/packages/Microsoft.Security.DevOps.Cli) be repackaged as a dotnet tool so that it could be installed and used more cleanly from the command line: `dotnet tool install --global Microsoft.Security.DevOps.CLI` As it...
SNYK: https://docs.snyk.io/products/snyk-code/cli-for-snyk-code/working-with-the-snyk-code-cli-results/exporting-the-test-results-to-a-json-or-sarif-file; TRIVY: https://aquasecurity.github.io/trivy/v0.27.1/docs/vulnerability/examples/report/; Prisma Cloud: https://www.paloaltonetworks.com/blog/prisma-cloud/github-action-container-image-scanning/; SEMGREP: https://semgrep.dev/docs/cli-reference/; gitleaks: https://github.com/zricethezav/gitleaks; Dockle: https://github.com/goodwithtech/dockle
Hi, I am trying to set up PR decoration with Azure Defender for DevOps (leave comments on PRs with the findings from the SAST tool). I had previously created a ticket...
Node 16 actions are being deprecated by GitHub and we're starting to get warnings in our workflows: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/
Provide a way to set a proxy in the devops task to avoid copying .npmrc manually to the account running the pipeline on a self-hosted agent server
We have a project that I recently tried adding the following YAML to the build pipeline: ``` - task: UseDotNet@2 displayName: 'Use dotnet' condition: eq(variables['Build.SourceBranchName'], '18321-add-vulnerability-scan') inputs: version: 3.1.x -...
We have a situation where we use `azd` to deploy Bicep files, and we intentionally leave one of the parameters unspecified, so that `azd` prompts for that parameter. However, the...
I am trying to use the action to analyze a single template, so I specified env variables that seem to correspond to the usage described in https://github.com/Azure/template-analyzer: ``` - name:...
Hello, I'm incorporating this in my pipelines and it's working for YAML pipelines, but when I try to run the "Run Microsoft Defender for DevOps" task on a classical release...
Hello. I'm setting up the action in multiple repositories and all of them fail in the same step, while trying to execute `bandit`. Logs: ``` Error: Error running tool 2...