microsoft / security-devops-action

Microsoft Security DevOps for GitHub Actions.
MIT License

SARIF files from other tooling #33

Closed echeng82 closed 1 year ago

echeng82 commented 1 year ago

Hi,

I have been testing out Cloud Defender for DevOps and the integration with GitHub actions via MSDO and it works well.

The question I have is whether we can integrate our existing tooling that outputs to Sarif format? For example, we also use Snyk Code (SAST) and SCA and it would be great to integrate the results with Cloud Defender.

I am able to upload the results to the security tab but it looks like the results don't flow through to Cloud Defender?

dnetoa commented 1 year ago

I have the same concerns...

Same topics:

https://github.com/orgs/community/discussions/38598
https://github.com/microsoft/security-devops-azdevops/issues/20
https://github.com/github/codeql-action/issues/943

sukhans commented 1 year ago

> Hi,
>
> I have been testing out Cloud Defender for DevOps and the integration with GitHub actions via MSDO and it works well.
>
> The question I have is whether we can integrate our existing tooling that outputs to Sarif format? For example, we also use Snyk Code (SAST) and SCA and it would be great to integrate the results with Cloud Defender.
>
> I am able to upload the results to the security tab but it looks like the results don't flow through to Cloud Defender?

Do you have a sample for me to look at where this is happening? If the results are flowing into GHAS Security tab, then we should be picking them up for Microsoft Defender for Cloud (Defender for DevOps) view as well.

MKippen commented 1 year ago

Good afternoon. Our testing this week confirmed that as long as the Sarif files are being produced and put in the correct location, these should be flowing through to Microsoft Defender for DevOps and Microsoft Defender for Cloud under the recommendation of resolving code vulnerability issues.
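As an added example (not from the issue thread or the action's own documentation), here is a GitHub Actions workflow that runs MSDO and also uploads SARIF from another tool into the same Security tab, which is the path the thread says Defender for Cloud picks results up from. The `run-scanner.sh` step and the `third-party.sarif` file name are placeholders for whatever tool produces your SARIF; the two uploads use distinct `category` values so one upload does not replace the other's results.

```yaml
name: MSDO plus third-party SARIF

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

permissions:
  contents: read
  security-events: write   # required by upload-sarif to write to the Security tab
  actions: read            # needed for private repositories

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Microsoft Security DevOps; its sarifFile output points at the SARIF it produced
      - name: Run Microsoft Security DevOps
        id: msdo
        uses: microsoft/security-devops-action@latest

      - name: Upload MSDO results to the Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.msdo.outputs.sarifFile }}
          category: msdo           # distinct category so this upload is kept apart from others

      # Placeholder (assumption): any scanner that writes SARIF 2.1.0; swap in your own tool
      - name: Run third-party scanner
        run: ./scripts/run-scanner.sh --output third-party.sarif

      - name: Upload third-party results to the Security tab
        if: always()               # upload even when the scanner step fails on findings
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: third-party.sarif
          category: third-party    # separate category keeps both result sets visible
```

Once both uploads appear under the repository's Security tab, that is the state the maintainers describe as being picked up by Defender for Cloud; if one set is missing there, it will not flow through either.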