From a4f5bf87f0feec926fbde97fa8729a6479f2235f Mon Sep 17 00:00:00 2001
From: Drew Davis
Date: Mon, 23 Dec 2024 22:14:03 -0500
Subject: [PATCH] Create msdevopssec.yml
---
.github/workflows/msdevopssec.yml | 41 +++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 .github/workflows/msdevopssec.yml
diff --git a/.github/workflows/msdevopssec.yml b/.github/workflows/msdevopssec.yml
new file mode 100644
index 0000000..d3fd85e
--- /dev/null
+++ b/.github/workflows/msdevopssec.yml
@@ -0,0 +1,41 @@
+name: MSDO Sample Workflow
+on:
+ push:
+ branches:
+ - Dev
+
+permissions:
+ id-token: write # This is required for federation to Defender for DevOps
+ security-events: write # This is required to upload SARIF files
+
+jobs:
+ sample:
+ name: MSDO on ${{ matrix.os }}
+ runs-on: ${{ matrix.os }}
+
+ strategy:
+ matrix:
+ os: [windows-latest, ubuntu-latest]
+
+ steps:
+
+ # Checkout your code repository to scan
+ - uses: actions/checkout@v3
+
+ # Run analyzers
+ - name: Run Microsoft Security DevOps Analysis
+ uses: microsoft/security-devops-action@v1
+ id: msdo
+
+ # Upload alerts to the Security tab
+ - name: Upload alerts to Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: ${{ steps.msdo.outputs.sarifFile }}
+
+ # Upload alerts file as a workflow artifact
+ - name: Upload alerts file as a workflow artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: alerts
+ path: ${{ steps.msdo.outputs.sarifFile }}
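Review bot: All four `uses:` steps reference mutable tags (`actions/checkout@v3`, `microsoft/security-devops-action@v1`, `github/codeql-action/upload-sarif@v2`, `actions/upload-artifact@v3`) while the workflow-level `permissions:` block grants `id-token: write` and `security-events: write`, so a re-pointed tag would run unreviewed code in a job that can request an OIDC token and write code-scanning results. Pin each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA>  # v3`, and let an update bot propose bumps. Because the block lists only two scopes, every unlisted scope drops to none, so the checkout step would need `contents: read` added under `permissions:` if this repository is private. GitHub has also announced deprecation of the v3 artifact action and the v2 CodeQL action, so confirm the current major versions before merging.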