Sergey sirBlond
chtzvt
/ ghazdo-starter.yml
Last active
March 7, 2024 17:57
Starter Pipeline for GitHub Advanced Security for Azure DevOps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Welcome to the Starter Pipeline for GitHub Advanced Security for Azure DevOps (GHAzDo) | |
| # | |
| # This pipeline enables two core features of GHAzDo for your repository: | |
| # | |
| # - Dependency Scanning, which will examine your application's package manifests | |
| # to find and alert on any vulnerable dependencies you may be using, and | |
| # | |
| # - Code Scanning, which performs static analysis (SAST) of your application's source | |
| # code to identify certain types of security vulnerabilities, along with additional, | |
| # optional quality checks. |