Azure Devops – OSS Scanning using WhiteSource
Posted in Azure, AzureDevOps
Its about time your AzureDevops builds were scanning for OSS vulnerabilities, well your in luck as you can use this Marketplace Extension which is FREE: – https://marketplace.visualstudio.com/azuredevops/
One you add the extension to your Organization you can add it into your build like so:-
This will scan your oss code and give you a detailed report on any vulnerabilities within your Azure Devops repository – #winning.
I have added it to a build I have and here is a sample of the report which you’ll see produced once you’ve added it into the build step.
The report looks like this: –
And below this you’ll see the following: –
An you’ll also see this: –
And this:-
Now you’ll get a report on open source vulnerabilities in your builds 🙂
[…] Azure Devops – OSS Scanning using WhiteSource (Gregor Suttie) […]
[…] Azure Devops Open Source Scan your code – Scan your code for open source vulnerabilities and learn whats out of date within your project and also what vulnerabilities those versions may contain. […]