With GitHub Advanced Security for Azure DevOps we have created a nightly build (YAML) which builds our projects and scans for vulnerabilities with the AdvancedSecurity-Dependency-Scanning@1 task.
What should I do to get notified when a (new) vulnerability has been found?
Currently I need to check the alerts on multiple repositories each morning.
I am afraid there are no notifications, such as emails, sent to inform users that the AdvancedSecurity-Dependency-Scanning@1 pipeline task has detected vulnerabilities, not to mention when a new vulnerability is first detected during the pipeline run. As of now the vulnerability details are only visible in the Advanced Security hub of each repo that is scanned.
I can totally understand the requirement for this functionality, which is fairly reasonable and will be helpful for us to discover and resolve the vulnerabilities in a timely manner. Per this current limitation, you may create a feature request via: https://developercommunity.visualstudio.com/report?space=21&entry=suggestion. That will allow you to directly interact with the appropriate Product Group, and make it more convenient for the product group to collect and categorize your suggestions.