-
Notifications
You must be signed in to change notification settings - Fork 0
46 lines (39 loc) · 1.24 KB
/
defender-for-devops.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
name: Microsoft Defender For Devops
on:
push:
branches:
- master
pull_request:
branches:
- master
workflow_dispatch:
jobs:
sample:
name: Microsoft Security DevOps Analysis
# MSDO runs on windows-latest.
# ubuntu-latest and macos-latest supporting coming soon
runs-on: windows-latest
permissions:
contents: read
id-token: write
actions: read
# Write access for security-events is only required for customers looking for MSDO results to appear in the codeQL security alerts tab on GitHub (Requires GHAS)
security-events: write
steps:
# Checkout your code repository to scan
- uses: actions/checkout@v4
# Run analyzers
- name: Run Microsoft Security DevOps Analysis
uses: microsoft/security-devops-action@latest
id: msdo
# Upload alerts to the Security tab
- name: Upload alerts to Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.msdo.outputs.sarifFile }}
# Upload alerts file as a workflow artifact
- name: Upload alerts file as a workflow artifact
uses: actions/upload-artifact@v4
with:
name: alerts
path: ${{ steps.msdo.outputs.sarifFile }}