Where can I view the results of the security scans?

Results are primarily viewed in the 'Scans' tab of your Azure Pipeline run. They can also be published to Microsoft Defender for Cloud for centralized enterprise monitoring.

Can I configure the pipeline to fail if vulnerabilities are found?

Yes, the skill provides guidance on using the 'break' and 'breakSeverity' parameters to fail builds based on findings that meet your risk threshold (e.g., Critical or High).

Does this skill support Windows-based build agents?

Yes, it includes mandatory guidelines for using backslashes in file paths on Windows systems to ensure the security tools can correctly locate and scan your source code.

What security tools are included in this integration?

The integration includes several tools for secret detection, SAST (such as ESLint and Bandit), dependency scanning (Trivy), and IaC analysis (Checkov, Terrascan, and Template Analyzer).

Microsoft Defender for DevOps Integration

Name: Microsoft Defender for DevOps Integration
Author: JosiahSiegel

byJosiahSiegel

•

Security & Testing

Integrates comprehensive security scanning into Azure Pipelines using Microsoft Defender for Cloud to automate vulnerability detection.

About

This skill provides Claude with the specialized knowledge required to implement and manage Microsoft Security DevOps (MSDO) within Azure DevOps pipelines. It enables automated security scanning for secrets, static code analysis (SAST), vulnerable dependencies, Infrastructure as Code (IaC), and container images. By standardizing the integration process, it allows teams to establish robust security guardrails, publish SARIF results directly to the Azure DevOps Scans tab, and centralize findings within the Microsoft Defender for Cloud dashboard.

Key Features

Static Application Security Testing (SAST) for modern programming languages.
Automated security scanning for secrets, credentials, and sensitive tokens.
Container image vulnerability assessment utilizing Trivy integration.
7 GitHub stars
Infrastructure as Code (IaC) analysis for Terraform, Bicep, and ARM templates.
Configurable build-breaking logic based on vulnerability severity levels.

Use Cases

Connecting Azure DevOps repositories to Microsoft Defender for Cloud for enterprise-wide security visibility.
Integrating multi-tool security reports into a centralized SARIF-compatible dashboard in Azure DevOps.
Implementing automated security guardrails that block critical vulnerabilities from reaching production.

About

Key Features

Static Application Security Testing (SAST) for modern programming languages.
Automated security scanning for secrets, credentials, and sensitive tokens.
Container image vulnerability assessment utilizing Trivy integration.
7 GitHub stars
Infrastructure as Code (IaC) analysis for Terraform, Bicep, and ARM templates.
Configurable build-breaking logic based on vulnerability severity levels.

Use Cases

Connecting Azure DevOps repositories to Microsoft Defender for Cloud for enterprise-wide security visibility.
Integrating multi-tool security reports into a centralized SARIF-compatible dashboard in Azure DevOps.
Implementing automated security guardrails that block critical vulnerabilities from reaching production.