Merge PR #168 #1195
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This GitHub Actions workflow is designed to integrate Microsoft Defender for DevOps into your CI/CD pipeline. | |
| # It runs on the `windows-latest` environment and is triggered by pushes and pull requests to the `main` branch, | |
| # as well as a scheduled cron job that runs every Saturday at 02:16 UTC. | |
| # | |
| # The workflow performs the following steps: | |
| # 1. Harden Runner: Uses the `step-security/harden-runner` action to enhance the security of the runner environment. | |
| # 2. Checkout Code: Uses the `actions/checkout` action to check out the repository's code. | |
| # 3. Setup .NET: Uses the `actions/setup-dotnet` action to install .NET versions 5.0.x and 6.0.x. | |
| # 4. Run Microsoft Security DevOps: Uses the `microsoft/security-devops-action` to run security and compliance tools. | |
| # 5. Upload Results: Uses the `github/codeql-action/upload-sarif` action to upload the SARIF results to the Security tab in GitHub. | |
| # | |
| # Note: This workflow does not automatically integrate your GitHub organization with Microsoft Defender for DevOps. | |
| # You must create an integration and provide the necessary permissions for reporting data back to Azure. | |
| # For more information, refer to the official documentation: | |
| # - Microsoft Security DevOps action: <https://github.com/microsoft/security-devops-action> | |
| # - Onboarding GitHub with Microsoft Defender for Cloud: <https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github> | |
| # | |
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| # | |
| # Microsoft Security DevOps (MSDO) is a command line application which integrates static analysis tools into the development cycle. | |
| # MSDO installs, configures and runs the latest versions of static analysis tools | |
| # (including, but not limited to, SDL/security and compliance tools). | |
| # | |
| # The Microsoft Security DevOps action is currently in beta and runs on the windows-latest queue, | |
| # as well as Windows self hosted agents. ubuntu-latest support coming soon. | |
| # | |
| # For more information about the action , check out <https://github.com/microsoft/security-devops-action> | |
| # | |
| # Please note this workflow does not integrate your GitHub Org with Microsoft Defender For DevOps. You have to create an integration | |
| # and provide permission before this can report data back to azure. | |
| # Read the official documentation here : <https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github> | |
| name: "Microsoft Defender for DevOps" | |
| # Define the events that trigger this workflow | |
| on: | |
| push: | |
| branches: ["main"] # Trigger on push events to the "main" branch | |
| pull_request: | |
| branches: ["main"] # Trigger on pull request events targeting the "main" branch | |
| schedule: | |
| - cron: "16 2 * * 6" # Trigger on a schedule every Saturday at 2:16 AM UTC | |
| jobs: | |
| MSDO: | |
| # Currently, only windows-latest is supported | |
| runs-on: windows-latest | |
| steps: | |
| # Step to harden the runner for security purposes | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 | |
| with: | |
| egress-policy: audit # Set egress policy to audit | |
| # Step to checkout the repository code | |
| - name: Checkout Repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| # Step to set up .NET versions 5.0.x and 6.0.x | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab # v4.3.0 | |
| with: | |
| dotnet-version: | | |
| 5.0.x | |
| 6.0.x | |
| # Step to run Microsoft Security DevOps | |
| - name: Run Microsoft Security DevOps | |
| uses: microsoft/security-devops-action@08976cb623803b1b36d7112d4ff9f59eae704de0 # v1.12.0 | |
| id: msdo | |
| # Step to upload results to the Security tab | |
| - name: Upload results to Security tab | |
| uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v2.27.0 | |
| with: | |
| sarif_file: ${{ steps.msdo.outputs.sarifFile }} |