**We want to hear from you! If you have tested DevOps security in Defender for Cloud please fill out this survey to provide feedback on the Pull Request Annotations feature.**
Written by: Lara Goldstein, Safeena Begum Lepakshi, Charles Oxyer
Introduction:
It is no secret that security and development teams operate in silos. Security administrators often struggle to get developers to remediate vulnerabilities in code because they cannot provide remediation guidance and feedback directly within the tools developers are most familiar with (e.g., GitHub and Azure DevOps). Additionally, developers who embrace the practice of DevOps are used to moving quickly and automating as many processes as possible, so security struggles to keep up with the speed of development.
To simplify the remediation process, reduce time to remediation, and help security teams build stronger relationships with developers, DevOps security in Defender for Cloud can expose security findings as annotations in Pull Requests (PR) within Azure DevOps and GitHub Enterprise.
Why Use Pull Request Annotations:
Vulnerabilities and misconfigurations are detected too late in the development cycle, often when code is already deployed. Not only does this make the deployed code a target for bad actors, but it also makes it more expensive to fix the issue. By using PR annotations, security teams can shift left in the development lifecycle and empower developers to remediate security vulnerabilities in their pre-production code.
With PR annotations, security findings are surfaced back to the source code management system at a given line in the Pull Request. Each annotation has the following information:
End-to-End Scenario of using Pull Request Annotations:
An example of a common use-case for Pull Request Annotations is as follows:
Summary:
This blog discussed why Pull Request Annotations are useful for automating security in DevOps environments and provided an example of a common scenario.
More Information: