@davidknise davidknise released this 15 Nov 16:17
· 85 commits to main since this release
7e3060a

This release introduces our first pre- and post-job feature, container-mapping, as an opt-in feature. It runs docker commands to see which containers have been created during the pipeline for integration with Microsoft Defender for DevOps.

To configure Container Mapping to send container data to Microsoft Defender for DevOps, include container-mapping as a tool:

```yaml
- uses: microsoft/security-devops-action@v1
  id: msdo
  with:
    includeTools: container-mapping
```

This will run all the analyzers defined by the configured or defaulted policy in addition to container-mapping. To only run this feature, define container-mapping as the only tool to run:

```yaml
- uses: microsoft/security-devops-action@v1
  id: msdo
  with:
    tools: container-mapping
```

In future releases, we will use this to auto-configure container scanning as well as introduce additional scanning optimizations and capabilities.