qosafreak.blogg.se

Microsoft safety scanner log file




Including Credential Scanner in your Azure pipeline can save you trouble: with minimal configuration it scans your source code for credentials. The easiest mistake is storing credentials for databases or other services inside a configuration file, like web.config for ASP.NET projects, or leaving a token for a cloud resource or service in the code, which leaves that resource unprotected.


Modern projects, especially those designed for the cloud, use tons of sensitive data that can be mistakenly stored in source code. The first task I suggest you look at is Credential Scanner, a simple task that searches source code for potential credentials inside files. Remember that security cannot be enforced only with automated tools; nevertheless, they are useful for avoiding some common mistakes, and they are not meant to replace a security audit of your code. All tasks in the Microsoft Security Code Analysis package are designed to solve a particular problem and to prevent some common mistakes.

Automatic security scanning tools are not in any way a substitute for human security analysis. Remember: if you develop code ignoring security, no tool can save you. Despite this, there are situations where static analysis can really benefit you, because it can help you avoid some simple and silly errors that can lead to trouble. Microsoft Security Code Analysis contains a set of tasks for Azure DevOps pipelines that automate some security checks during the build of your software.
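To make the web.config mistake described above concrete, here is an added example (not from the original post, and not how Credential Scanner itself is implemented) of the kind of check such a scanner performs. The sample web.config, the regular expressions and the function name `scan_web_config` are assumptions constructed for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the original page); all values are fake.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="Main" connectionString="Server=db01;Database=shop;User Id=app;Password=Sup3rS3cret!;" />
    <add name="Reports" connectionString="Server=db02;Database=rep;Integrated Security=true;" />
  </connectionStrings>
  <appSettings>
    <add key="StorageToken" value="constructed-example-token-0123456789" />
    <add key="PageSize" value="50" />
    <add key="ApiSecret" value="" />
  </appSettings>
</configuration>"""

# Connection-string fields that carry a password (ADO.NET accepts both spellings).
PASSWORD_FIELD = re.compile(r"(?:^|;)\s*(?:password|pwd)\s*=\s*([^;]+)", re.I)
# appSettings key names that suggest a secret; an assumed heuristic for this example.
SECRET_KEY_NAME = re.compile(r"token|secret|password|apikey|accesskey", re.I)


def scan_web_config(xml_text):
    """Return (section, name) findings; the secret values are never returned."""
    findings = []
    root = ET.fromstring(xml_text)
    for add in root.findall("./connectionStrings/add"):
        match = PASSWORD_FIELD.search(add.get("connectionString", ""))
        if match and match.group(1).strip():
            findings.append(("connectionStrings", add.get("name", "?")))
    for add in root.findall("./appSettings/add"):
        key, value = add.get("key", ""), add.get("value", "")
        # An empty value is a placeholder filled at deploy time, not a leak.
        if SECRET_KEY_NAME.search(key) and value.strip():
            findings.append(("appSettings", key))
    return findings


if __name__ == "__main__":
    for section, name in scan_web_config(SAMPLE_WEB_CONFIG):
        print(f"possible credential in <{section}>: {name}")
```

The findings name only the section and entry, so the scan output can be kept in build logs without repeating the secret.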





