Make sure that Secret Scanning (SS) is in place for your repository. Exposed credentials are among the easiest findings for an attacker to exploit: a token or password committed to source control can be used immediately, without any further vulnerability. To defend against this threat, secret scanning tools scan your source code (and, ideally, the full commit history) for credentials and fail the build or block the push when one is found. Learn more:
https://learn.microsoft.com/en-us/azure/devops/repos/security/github-advanced-security-secret-scanning
https://github.com/gitleaks/gitleaks
https://appsecmap.com
https://owasp.org/www-project-devsecops-guideline/latest/01a-Secrets-Management
1. Navigate to Project -> Pipelines.
2. Open your repository's CI pipeline.
3. Ensure a secret scanning tool (for example, gitleaks) is present as a step in your pipeline.
4. Alternatively, enable 'Advanced Security' (GitHub Advanced Security for Azure DevOps, which includes secret scanning) for your repository.
The corresponding DevOps Shield policy audits every repository pipeline and is satisfied when either Advanced Security is enabled on the repository (AdvSecEnabled is true) or the pipeline's final, fully expanded YAML matches the configured secret-scanning tool patterns held in the ADO_POLICY_VAR_DEVSECOPS_SS_SECRET_SCANNING_TOOLS_PATTERNS variable:
{
  "target": "ADORepositoryPipelines",
  "if": {
    "allOf": [
      {
        "anyOf": [
          {
            "resource": "ADORepositoryPipelines",
            "property": "AdvSecEnabled",
            "operator": "equals",
            "value": true
          },
          {
            "resource": "ADORepositoryPipelines",
            "property": "PipelinesFinalYaml",
            "operator": "match",
            "value": "$(ADO_POLICY_VAR_DEVSECOPS_SS_SECRET_SCANNING_TOOLS_PATTERNS)"
          }
        ]
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
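A pipeline step that satisfies step 3 above, and that the policy's PipelinesFinalYaml regex check can match, looks like the following. This is an added example, not code from the page or from DevOps Shield; it assumes a Microsoft-hosted Linux agent, the gitleaks v8 command-line interface and release asset naming, and that whatever pattern is configured in ADO_POLICY_VAR_DEVSECOPS_SS_SECRET_SCANNING_TOOLS_PATTERNS (its value is not shown on this page) matches the text "gitleaks". The pinned version number is an assumption as well; pin whatever release you have verified.

```yaml
# azure-pipelines.yml (added example; not DevOps Shield's code)
# Runs gitleaks over the full clone history and fails the job on any finding.
trigger:
  - main

pool:
  vmImage: ubuntu-latest          # assumption: Microsoft-hosted Linux agent

variables:
  GITLEAKS_VERSION: '8.18.2'      # assumption: pin a release you have verified

steps:
  - checkout: self
    fetchDepth: 0                 # full history, so secrets committed earlier are found too

  - script: |
      set -euo pipefail
      # assumption: gitleaks release assets are named gitleaks_<ver>_linux_x64.tar.gz
      curl -sSL -o gitleaks.tar.gz \
        "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz"
      tar -xzf gitleaks.tar.gz gitleaks
      # --exit-code 1 makes any finding fail this step; --redact keeps the secret
      # value itself out of the build log and the SARIF report.
      ./gitleaks detect --source . \
        --report-format sarif \
        --report-path "$(Build.ArtifactStagingDirectory)/gitleaks.sarif" \
        --redact --exit-code 1
    displayName: 'Secret scanning (gitleaks)'

  # Publish the report even when the scan step failed, so the findings can be reviewed.
  - task: PublishBuildArtifacts@1
    condition: always()
    inputs:
      pathToPublish: '$(Build.ArtifactStagingDirectory)/gitleaks.sarif'
      artifactName: 'CodeAnalysisLogs'
```

Two caveats when relying on the regex branch of the policy: it confirms that a scanner is mentioned in the final YAML, not that its result is enforced, so a step with continueOnError: true, or a script that swallows the scanner's exit code, still passes the audit while letting secrets through; and a shallow clone (the default fetchDepth) scans only the current tree, so a credential that was committed and later deleted is missed. Verify the downloaded binary against the checksums file published with the gitleaks release rather than trusting the URL alone.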
Copyright © DevOps Shield. All Rights Reserved.