Configure Bicep code scanning in GitHub with Microsoft Defender for DevOps

  • Published on 14 Oct 2024
  • Microsoft Defender for DevOps is a new capability in Defender for Cloud that provides visibility across multiple DevOps environments that you can use to centrally manage DevOps security, strengthen your infrastructure as code and help you prioritize critical issues in code across your pipeline and multiple cloud environments.
    In this video, I’m going to show you how you can set up Defender for DevOps, connect your GitHub account to Defender for DevOps, set up your GitHub Actions workflow to run the scan, and then publish the results of the scan to GitHub so you can remediate issues.
    Any questions? Pop them in the comment section below 👇
    Twitter: / willvelida
    RESOURCES
    Blog post: www.willvelida...
    GitHub Repo: github.com/wil...
    Defender for DevOps: learn.microsof...
    Microsoft Security DevOps for GitHub Actions: github.com/mic...
    Microsoft Security DevOps for GitHub Actions YAML file: github.com/mic...
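
    A workflow of the kind the description refers to, added here as an example and not taken from the video or its repository: it runs the Microsoft Security DevOps action with Template Analyzer (which scans ARM and Bicep templates) and uploads the SARIF output to GitHub code scanning. The workflow name, job name, trigger branch and action version tags are assumptions.

```yaml
# Added example (not the author's file). Save as .github/workflows/msdo.yml;
# the file name, workflow name, job name and branch are assumptions.
name: msdo-bicep-scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

# Grant only what the job needs instead of the default token permissions.
permissions:
  contents: read            # check out the repository
  security-events: write    # upload SARIF results to code scanning
  id-token: write           # per the action's README, used for federation to Defender for DevOps

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@v4

      # Runs the Microsoft Security DevOps CLI; restricting tools to
      # templateanalyzer limits the scan to ARM/Bicep templates.
      - name: Run Microsoft Security DevOps
        uses: microsoft/security-devops-action@v1
        id: msdo
        with:
          tools: templateanalyzer

      # Publishes the findings so they appear under Security > Code scanning
      # in the repository, where they can be triaged and remediated.
      - name: Upload results to GitHub code scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.msdo.outputs.sarifFile }}
```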

Comments • 4

  • @jakubiwanczuk 1 year ago +1

    Hi @Will Velida
    Thanks for the tutorial. However, I am totally missing what the integration with Microsoft Defender for Cloud is for in the tutorial (or maybe in general). I am thinking that you could have set up the static analysis tool without the integration.
    I am really trying to figure out what value we get from the connection (or just what it does). As I understand from the video, the connection was only set up to install the action so you could perform the scans using GitHub Actions and nothing else. That is totally confusing.
    \Jakub

  • @aavdberg 1 year ago +1

    Great tutorial, did see that you are not using federated credentials for your workload identity that is creating resources in Azure.

    • @willvelida 7 months ago

      Thanks for watching! Yeah that was just to get a simple example going. But you're right, you should absolutely use federated credentials for workload identities!

  • @Astra-fo3yz 1 year ago

    𝐩яⓞ𝓂𝓞Ş𝐦 😇