This task enables you to seamlessly run Orca Security scans within your Azure Pipeline jobs, providing comprehensive application security testing capabilities directly in your CI/CD workflows.
Key Features
Five Major Scan Types Available:
Secrets Scanning (with active verification): Detect exposed secrets and credentials.
Static Application Security Testing (SAST): Identify security vulnerabilities in your source code.
Software Composition Analysis (SCA): Uncover vulnerabilities in your dependencies.
Infrastructure as Code (IaC) Security: Detect misconfigurations in your infrastructure code.
Container Image Scanning: Scan Docker images for vulnerabilities, secrets, and security issues.