
How to get notified when vulnerabilities are found - GHAS for Azure DevOps - Dependency Scanning


With GitHub Advanced Security for Azure DevOps we have created a nightly build (yaml) which builds our projects and scans for vulnerabilities with the AdvancedSecurity-Dependency-Scanning@1 task.

What should I do to get notified when a (new) vulnerability has been found?

Currently I need to check the alerts on multiple repositories each morning.


Solution

  • I am afraid there are no notifications like emails to be sent to inform users that the AdvancedSecurity-Dependency-Scanning@1 pipeline task has detected vulnerabilities, not to mention when a new vulnerability is first detected during the pipeline run. As of now the vulnerability details are only visible in the Advanced Security hub of each repo that is scanned.

    I can totally understand the requirement for this functionality, which is fairly reasonable and will be helpful for us to discover and resolve the vulnerabilities in a timely manner. Per this current limitation, you may create a feature request via: https://developercommunity.visualstudio.com/report?space=21&entry=suggestion. That will allow you to directly interact with the appropriate Product Group, and make it more convenient for the product group to collect and categorize your suggestions.