Sunday, November 17, 2024

How to Configure GitHub Advanced Security for Azure DevOps | How to Perform Security scan for Azure Repos using GitHub Advanced Security

GitHub Advanced Security for Azure DevOps brings the secret scanning, dependency scanning and CodeQL code scanning solutions already available to GitHub users and natively integrates them into Azure DevOps to protect your Azure Repos and Pipelines.


Pre-requisites:

How to Set up dependency scanning?

Dependency scanning is a pipeline-based scanning tool. Results are aggregated per repository. It's recommended that you add the dependency scanning task to all the pipelines you'd like to be scanned.

Add the Advanced Security Dependency Scanning task (AdvancedSecurity-Dependency-Scanning@1) directly to your YAML pipeline file, or select it from the task assistant.

How to Set up code scanning

Code scanning is also a pipeline-based scanning tool where results are aggregated per repository.

Add the tasks in the following order:

  1. Advanced Security Initialize CodeQL (AdvancedSecurity-Codeql-Init@1)
  2. Your custom build steps
  3. Advanced Security Perform CodeQL Analysis (AdvancedSecurity-Codeql-Analyze@1)

Pipeline YAML Code for scanning Java code using GitHub Advanced Security

trigger:
- main

resources:
- repo: self

variables:
  tag: '$(Build.BuildId)'

stages:
- stage: Build
  displayName: Build image
  jobs:
  - job: Build
    displayName: Build
    pool:
      vmImage: ubuntu-latest
    steps:
    - task: AdvancedSecurity-Codeql-Init@1
      inputs:
        languages: 'java'
    - task: Maven@4
      inputs:
        mavenPomFile: 'pom.xml'
        goals: 'install'
        publishJUnitResults: true
        testResultsFiles: '**/surefire-reports/TEST-*.xml'
        javaHomeOption: 'JDKVersion'
        mavenVersionOption: 'Default'
        mavenAuthenticateFeed: false
        effectivePomSkip: false
        sonarQubeRunAnalysis: false
    - task: AdvancedSecurity-Dependency-Scanning@1
    - task: AdvancedSecurity-Codeql-Analyze@1
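Because dependency scanning only covers pipelines that carry its task, and CodeQL only works when the Init task runs before the build and the Analyze task after it, it helps to lint every pipeline YAML in the organization for exactly those rules. The following check is an added example written for this post, not code from Microsoft or GitHub; it scans the YAML line by line (no YAML library needed) and assumes the usual '- job:' / '- task:' layout shown above.

```python
import re

# Task identifiers as they appear in the post's pipeline YAML.
CODEQL_INIT = "AdvancedSecurity-Codeql-Init@1"
CODEQL_ANALYZE = "AdvancedSecurity-Codeql-Analyze@1"
DEPENDENCY_SCAN = "AdvancedSecurity-Dependency-Scanning@1"

JOB_RE = re.compile(r"^\s*-\s*job:\s*(\S+)")
# A step is '- task: <id>' or an inline script step (script/bash/pwsh/powershell).
STEP_RE = re.compile(r"^\s*-\s*(task|script|bash|pwsh|powershell):\s*['\"]?([^'\"\s]*)")

def steps_per_job(pipeline_yaml):
    """Ordered step ids per job: the task id, or the keyword for inline script steps.
    Line-based scan; assumes the '- job:' / '- task:' layout used in the post."""
    jobs, current = {}, "<no job>"
    for line in pipeline_yaml.splitlines():
        if m := JOB_RE.match(line):
            current = m.group(1)
            jobs.setdefault(current, [])
        elif m := STEP_RE.match(line):
            kind, ident = m.groups()
            jobs.setdefault(current, []).append(ident if kind == "task" else kind)
    return jobs

def check_job(steps):
    """Findings for one job against the post's ordering rules; an empty list means OK."""
    findings = []
    if DEPENDENCY_SCAN not in steps:
        findings.append("missing " + DEPENDENCY_SCAN)
    has_init, has_analyze = CODEQL_INIT in steps, CODEQL_ANALYZE in steps
    if has_init != has_analyze:
        findings.append("CodeQL init and analyze must both be present")
    elif has_init:
        i, a = steps.index(CODEQL_INIT), steps.index(CODEQL_ANALYZE)
        if a < i:
            findings.append("CodeQL analyze runs before init")
        elif a == i + 1:
            findings.append("no build step between CodeQL init and analyze")
    return findings

# Constructed sample: a job with the steps ordered as in the post's pipeline.
SAMPLE = """\
jobs:
- job: Build
  steps:
  - task: AdvancedSecurity-Codeql-Init@1
  - task: Maven@4
  - task: AdvancedSecurity-Dependency-Scanning@1
  - task: AdvancedSecurity-Codeql-Analyze@1
"""
```

Run `check_job(steps)` for every job returned by `steps_per_job(...)` over each pipeline file; any non-empty list is a pipeline whose results will be missing or incomplete in the repository's scan view.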

Where to see the scan results in Azure DevOps?



