Hi,
I am trying to set up PR decoration with Azure Defender for DevOps (leave comments on PRs with the findings from the SAST tool). I had previously created a ticket on Azure, but they forwarded me here once we realised the best way to achieve what I wanted was via a GitHub workflow, rather than setting up a pipeline on Azure DevOps.
I had already set up a GitHub workflow to scan our code with Defender for DevOps, and I followed the following tutorials in order to set things up:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/github-action
https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-pull-request-annotations
As you can see in the screenshot below, Azure Defender is already presenting the findings on the GitHub Security tab (highlighted in Blue in the screenshot). It is also possible to see in the tool filter, the relevant tools used by Defender - antimalware & terrascan (highlighted in Red). Lastly, but very important, we can see highlighted in Green (a filter) that these findings are related to a Pull Request.
In fact, when comparing the number of findings with another screenshot, below, we can infer that we are already able to find new findings on PR time, which is precisely my goal. I know this because the screenshot above is related to a PR that was introducing an issue (hence the number 23, referring to the number of issues spotted), whereas the screenshot below was taken before creating the aforementioned PR, filtering the issues already present in the main branch (22).
But there's one thing missing: even though Defender found a new issue on PR time, the workflow is not being annotated with a comment, related to the new finding. Can you help me figure out what the issue is? I believe that, as per documentation, this is possible to achieve!
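The comparison above (23 findings on the PR versus 22 on the main branch) is essentially a diff of two SARIF logs. The following script is an added example, not code from this issue or from Defender for DevOps: it flattens two SARIF 2.1.0 logs into per-location findings, counts them per tool and lists the findings that exist on the PR head but not on the baseline, which is exactly the set a PR comment should report. The SARIF documents, tool names, rule ids and file paths are constructed placeholders, and the field layout (`runs[].tool.driver.name`, `results[].ruleId`, `physicalLocation`) follows the SARIF specification rather than any tool-specific extension.

```python
import json
from collections import Counter
from typing import NamedTuple


class Finding(NamedTuple):
    """One result location, used as the fingerprint for baseline/PR matching."""
    tool: str
    rule_id: str
    path: str
    line: int


def _sarif(tool_results):
    """Build a minimal SARIF 2.1.0 document (constructed sample data).

    tool_results maps a tool name to a list of (rule_id, path, line) tuples.
    """
    runs = []
    for tool, results in tool_results.items():
        runs.append({
            "tool": {"driver": {"name": tool}},
            "results": [
                {"ruleId": rule,
                 "locations": [{"physicalLocation": {
                     "artifactLocation": {"uri": path},
                     "region": {"startLine": line}}}]}
                for rule, path, line in results
            ],
        })
    return json.dumps({"version": "2.1.0", "runs": runs})


# Constructed baseline (main branch): two Terrascan findings, no malware hits.
# Rule ids and paths are placeholders, not real Terrascan rule identifiers.
BASELINE_SARIF = _sarif({
    "Terrascan": [("AC_PLACEHOLDER_0001", "infra/storage.tf", 12),
                  ("AC_PLACEHOLDER_0002", "infra/keyvault.tf", 30)],
    "AntiMalware": [],
})

# Constructed PR head: the same two findings plus one new one in network.tf.
PR_SARIF = _sarif({
    "Terrascan": [("AC_PLACEHOLDER_0001", "infra/storage.tf", 12),
                  ("AC_PLACEHOLDER_0002", "infra/keyvault.tf", 30),
                  ("AC_PLACEHOLDER_0003", "infra/network.tf", 8)],
    "AntiMalware": [],
})


def load_findings(sarif_text):
    """Flatten a SARIF log into one Finding per result location."""
    log = json.loads(sarif_text)
    findings = []
    for run in log.get("runs", []):
        tool = run["tool"]["driver"]["name"]
        for result in run.get("results", []):
            rule_id = result.get("ruleId", "unknown")
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                path = phys.get("artifactLocation", {}).get("uri", "")
                line = phys.get("region", {}).get("startLine", 0)
                findings.append(Finding(tool, rule_id, path, line))
    return findings


def count_by_tool(findings):
    """Per-tool totals, mirroring the tool filter on the Security tab."""
    return Counter(f.tool for f in findings)


def new_findings(baseline, pr):
    """Findings present on the PR head but absent from the baseline."""
    seen = set(baseline)
    return [f for f in pr if f not in seen]


def format_pr_comment(findings):
    """Render the new findings as the text a PR annotation would carry."""
    if not findings:
        return "No new security findings on this pull request."
    lines = ["%d new security finding(s) on this pull request:" % len(findings)]
    for f in findings:
        lines.append("- [%s] %s at %s:%d" % (f.tool, f.rule_id, f.path, f.line))
    return "\n".join(lines)


def report(baseline_sarif=BASELINE_SARIF, pr_sarif=PR_SARIF):
    """Diff two SARIF logs and return the PR comment text."""
    baseline = load_findings(baseline_sarif)
    pr = load_findings(pr_sarif)
    return format_pr_comment(new_findings(baseline, pr))


if __name__ == "__main__":
    print(count_by_tool(load_findings(PR_SARIF)))
    print(report())
```

Matching on (tool, rule, path, line) is deliberately strict: a finding that merely moves a few lines because of an unrelated edit will show up as "new", which is the safe direction for a PR gate, while a looser fingerprint (tool, rule, path only) would hide a second instance of the same rule in the same file.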