Update microsoft/security-devops-action action to v1.12.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
microsoft/security-devops-action	action	minor	v1.6.0 → v1.12.0

---

Release Notes

microsoft/security-devops-action (microsoft/security-devops-action)

v1.12.0: Version 1.12.0

Compare Source

Adds support for MSDO upload verb which can be used to upload existing results which were not produced directly by MSDO.

v1.11.0: Enable Container Mapping by Default for Active Customers

Compare Source

In this release, we're enabling the container-mapping tool by default for customers who have onboarded to Microsoft Defender for Cloud and have enabled their GitHub organization.

Those who do not have Microsoft Defender for Cloud enabled on their GitHub organizations will not be able to run the container-mapping workload and it will be automatically skipped.

With this change, we are deprecating the includeTools option. If you would like to manually specify which tools to run, this can still be done via the tools option as before. See the wiki for further instructions.

v1.10.0

Compare Source

This release brings introduces our first pre and post job feature, container-mapping, as an opt-in feature. It runs docker commands to see which containers have been created during the pipeline for integration with Microsoft Defender for DevOps.

To configure Container Mapping to send conatiner data to Microsoft Defender for DevOps, include container-mapping as a tool:

- uses: microsoft/security-devops-action@v1
  id: msdo
  with:
    includeTools: container-mapping

This will run all the analyzers defined by the configured or defaulted policy in addition to container-mapping. To only run this feature, define container-mapping as the only tool to run:

- uses: microsoft/security-devops-action@v1
  id: msdo
  with:
    tools: container-mapping

---

In future releases, we will use this to auto-configure container scanning as well as introduce additional scanning optimizations and capabilities.

v1.9.1

Compare Source

Adds a backwards compatibility check for the --export-breaking-results-to-file which going forward still exists, with corrected behavior, and will use --export-file instead.

v1.8.2

Compare Source

v1.7.2: - node10 backwards compatibility fix

Compare Source

v1.7.2 - 06/22/2023

Fixed

• Added try-catch best effort for gzip json response decompression from nuget.org
• Compile with nodenext moduleResolution so it implements a Promise resolver intead of yield on dynamic module resolution (node v13.2+)
  • Resolves node and node10 task runners

v1.7.0

Compare Source

Added

• The msdo-nuget-client.ts javascript nuget client
• Dependency on adm-zip
• Dependency on decompress-response

Changed

• Install the MSDO nuget package via javascript
  • Removes a dependency on dotnet to leverage restore to install the platform cross-platform
• Upgraded dependencies
  • azure-pipelines-task-lib to v4.3.1
  • azure-pipelines-tool-lib to v2.0.4
  • typescript to v5.1.3

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sourcery-ai]

Reviewer's Guide by Sourcery

The pull request updates the GitHub Action 'microsoft/security-devops-action' from version 1.6.0 to 1.12.0, incorporating several new features and improvements, including support for the MSDO upload verb and enabling container mapping by default for certain users.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
Update microsoft/security-devops-action to version 1.12.0.	Updated the action version from v1.6.0 to v1.12.0 in the GitHub workflow configuration. Introduced support for the MSDO upload verb to upload existing results. Enabled container mapping by default for users with Microsoft Defender for Cloud. Deprecated the 'includeTools' option in favor of the 'tools' option. Introduced 'pre' and 'post' job features for container mapping as an opt-in feature. Added backwards compatibility for '--export-breaking-results-to-file'. Fixed node10 backwards compatibility issues.	.github/workflows/defender-for-devops.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!
• Generate a plan of action for an issue: Comment @sourcery-ai plan on
  an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, renovate[bot]!). We assume it knows what it's doing!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud