Azure Security Center/GitHub integration preview
The big news here was that Microsoft revealed to the public the Azure Security Center (ASC) integration with GitHub Actions. This new release was also promoted on Twitter by Microsoft’s Yuri Diogenes.
Basically, the plan is to build a shared tooling and experience, made possible by extending the reporting from all container scans into the Azure Security Center.
This will provide security teams with a better insight and, also, a better understanding of the source for vulnerable container images, as well as the workflows and repositories they come from.
DevSecOps will better manage GitHub Action workflows
With the help of this new integration, DevSecOps teams are allowed to run vulnerability scans, resolve findings, and visualize the security posture of workflows within their CI/CD pipeline.
In other words, CI/CD vulnerability scanning of the container images will help by offering increased visibility, as well as control, and by providing CI/CD scan assessments to Azure Security Center (ASC).
Thus, security teams can access a much wider view across CI/CD pipelines and runtime resources through CI/CD scan assessments in ASC.
Also, DevSecOps teams will now receive more detailed, shared insight into development practices and potentially vulnerable code, containers, and infrastructure.
All the information about how you can set up Azure Security Center for GitHub integration is accessible to everyone by visiting reading the tech community post published by Microsoft.