Update microsoft/security-devops-action action to v1.12.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
microsoft/security-devops-action	action	minor	v1.6.0 -> v1.12.0

---

Release Notes

microsoft/security-devops-action (microsoft/security-devops-action)

v1.12.0: Version 1.12.0

Compare Source

Adds support for MSDO upload verb which can be used to upload existing results which were not produced directly by MSDO.

v1.11.0: Enable Container Mapping by Default for Active Customers

Compare Source

In this release, we're enabling the container-mapping tool by default for customers who have onboarded to Microsoft Defender for Cloud and have enabled their GitHub organization.

Those who do not have Microsoft Defender for Cloud enabled on their GitHub organizations will not be able to run the container-mapping workload and it will be automatically skipped.

With this change, we are deprecating the includeTools option. If you would like to manually specify which tools to run, this can still be done via the tools option as before. See the wiki for further instructions.

v1.10.0

Compare Source

This release brings introduces our first pre and post job feature, container-mapping, as an opt-in feature. It runs docker commands to see which containers have been created during the pipeline for integration with Microsoft Defender for DevOps.

To configure Container Mapping to send conatiner data to Microsoft Defender for DevOps, include container-mapping as a tool:

- uses: microsoft/security-devops-action@v1
  id: msdo
  with:
    includeTools: container-mapping

This will run all the analyzers defined by the configured or defaulted policy in addition to container-mapping. To only run this feature, define container-mapping as the only tool to run:

- uses: microsoft/security-devops-action@v1
  id: msdo
  with:
    tools: container-mapping

---

In future releases, we will use this to auto-configure container scanning as well as introduce additional scanning optimizations and capabilities.

v1.9.1

Compare Source

Adds a backwards compatibility check for the --export-breaking-results-to-file which going forward still exists, with corrected behavior, and will use --export-file instead.

v1.8.2

Compare Source

v1.7.2: - node10 backwards compatibility fix

Compare Source

v1.7.2 - 06/22/2023

Fixed

• Added try-catch best effort for gzip json response decompression from nuget.org
• Compile with nodenext moduleResolution so it implements a Promise resolver intead of yield on dynamic module resolution (node v13.2+)
  • Resolves node and node10 task runners

v1.7.0

Compare Source

Added

• The msdo-nuget-client.ts javascript nuget client
• Dependency on adm-zip
• Dependency on decompress-response

Changed

• Install the MSDO nuget package via javascript
  • Removes a dependency on dotnet to leverage restore to install the platform cross-platform
• Upgraded dependencies
  • azure-pipelines-task-lib to v4.3.1
  • azure-pipelines-tool-lib to v2.0.4
  • typescript to v5.1.3

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request updates the microsoft/security-devops-action from version v1.6.0 to v1.11.0 in the GitHub Actions workflow file. The update includes several new features and improvements, particularly related to container mapping and integration with Microsoft Defender for Cloud.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
Update microsoft/security-devops-action to v1.11.0	Changed the version of microsoft/security-devops-action from v1.6.0 to v1.11.0 Enabled container mapping by default for active Microsoft Defender for Cloud customers Deprecated the 'includeTools' option in favor of the 'tools' option Introduced 'container-mapping' as a new feature for integration with Microsoft Defender for DevOps Added backwards compatibility for '--export-breaking-results-to-file' option Improved node10 backwards compatibility Implemented a new JavaScript NuGet client for MSDO package installation	.github/workflows/defender-for-devops.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, renovate[bot]!). We assume it knows what it's doing!