Make sure that Static Application Security Testing (SAST) / Code Scanning is in place for your repository. Code scanning analyzes the code to find security vulnerabilities and coding errors. SAST tools play a crucial role in identifying security vulnerabilities within source code: they analyze code for potential flaws based on predefined security rules and policies. In a DevSecOps workflow, developers test their custom code for security vulnerabilities before it is compiled, which lets them fix issues without affecting the build. SAST tools make this process easier with automatic checks and real-time feedback.

Learn more:

- https://learn.microsoft.com/en-us/azure/devops/repos/security/github-advanced-security-code-scanning
- https://appsecmap.com
- https://owasp.org/www-community/Source_Code_Analysis_Tools
- https://www.microsoft.com/en-us/security/business/security-101/what-is-devsecops
1. Navigate to Project -> Pipelines.
2. Open your repository CI Pipeline.
3. Ensure a SAST / Code scanning tool is present in your pipeline.
```json
{
  "target": "ADORepositoryPipelines",
  "if": {
    "allOf": [
      {
        "resource": "ADORepositoryPipelines",
        "property": "PipelinesFinalYaml",
        "operator": "match",
        "value": "$(ADO_POLICY_VAR_DEVSECOPS_SAST_STATIC_APPLICATION_SECURITY_TESTING_TOOLS_PATTERNS)"
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
```
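The rule above matches the repository's final pipeline YAML against a regex pattern list held in the `ADO_POLICY_VAR_DEVSECOPS_SAST_STATIC_APPLICATION_SECURITY_TESTING_TOOLS_PATTERNS` variable. The following script is an added example, not DevOps Shield's own evaluation code, that performs the same kind of check locally so you can verify a pipeline before the policy runs. The tool patterns, the two sample pipelines and the function names are constructed for the example; the page does not state the contents of the policy variable.

```python
import re

# Constructed, illustrative patterns for recognising a SAST / code-scanning step in an
# Azure DevOps pipeline. The real policy variable holds the organisation's own list;
# these task names and tool names are assumptions made for this example.
SAST_TOOL_PATTERNS = [
    r"AdvancedSecurity-Codeql-Analyze@\d+",  # GitHub Advanced Security for ADO, CodeQL analyze task
    r"SonarQubeAnalyze@\d+",
    r"SonarCloudAnalyze@\d+",
    r"\bsemgrep\b",
    r"\bbandit\b",
]


def find_sast_steps(pipeline_yaml: str, patterns=SAST_TOOL_PATTERNS) -> list:
    """Return the (stripped) pipeline lines that match any SAST tool pattern.

    Matching is case-insensitive. YAML comment lines are skipped so that a
    commented-out scanner step does not count as a scanner being present.
    """
    compiled = [re.compile(p, re.IGNORECASE) for p in patterns]
    hits = []
    for line in pipeline_yaml.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if any(rx.search(stripped) for rx in compiled):
            hits.append(stripped)
    return hits


def evaluate_pipeline(pipeline_yaml: str) -> dict:
    """Summarise the check: whether a SAST step was found and which lines matched."""
    hits = find_sast_steps(pipeline_yaml)
    return {"sast_present": bool(hits), "matches": hits}


# Constructed sample: a pipeline that runs CodeQL after the build.
PIPELINE_WITH_SAST = """\
trigger:
- main
pool:
  vmImage: ubuntu-latest
steps:
- task: AdvancedSecurity-Codeql-Init@1
  inputs:
    languages: csharp
- script: dotnet build
- task: AdvancedSecurity-Codeql-Analyze@1
"""

# Constructed sample: the scan step exists only as a commented-out line.
PIPELINE_WITHOUT_SAST = """\
trigger:
- main
steps:
- script: dotnet build
# - task: AdvancedSecurity-Codeql-Analyze@1   # disabled while debugging
- script: dotnet test
"""

if __name__ == "__main__":
    for name, yaml_text in (("with_sast", PIPELINE_WITH_SAST),
                            ("without_sast", PIPELINE_WITHOUT_SAST)):
        print(name, evaluate_pipeline(yaml_text))
```

A plain regex `match` over the whole YAML document, as the policy rule performs, would also match a commented-out task line; when you write the organisation's pattern list, anchor each entry to the task reference form (for example `task:` followed by the task name) so a disabled scanner does not satisfy the control.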