Security Scan is a free commercial-grade security tool for modern DevOps teams
With an integrated multi-scanner design, Scan can detect various kinds of security flaws in your application and infrastructure code in a single fast scan. The product supports a range of integration options, from scanning every push via a git hook to scanning every build and pull request in CI/CD pipelines.
This extension allows you to view the various scan reports generated by the Security Scan tool. To learn how to add automated security scanning to your pipeline with Security Scan, follow these docs. Currently, the following reports are available:
Credentials Scan Report
Dependency Scan Report
License Compliance Scan Report
Simply add the following snippet to your build configuration YAML file (usually azure-pipelines.yaml).