Review pull request annotations in GitHub and Azure DevOps
Resolve security issues in GitHub
To resolve security issues in GitHub:
Navigate through the page and locate an affected file with an annotation.
Follow the remediation steps in the annotation. If you choose not to remediate the annotation, select Dismiss alert.
Select a reason to dismiss:
- Won't fix - The alert is noted but won't be fixed.
- False positive - The alert isn't valid.
- Used in tests - The alert isn't in the production code.
Resolve security issues in Azure DevOps
Once you've configured the scanner, you're able to view all issues that were detected.
To resolve security issues in Azure DevOps:
Sign in to the Azure DevOps.
Navigate to Pull requests.
On the Overview, or files page, locate an affected line with an annotation.
Follow the remediation steps in the annotation.
Select Active to change the status of the annotation and access the dropdown menu.
Select an action to take:
- Active - The default status for new annotations.
- Pending - The finding is being worked on.
- Resolved - The finding has been addressed.
- Won't fix - The finding is noted but won't be fixed.
- Closed - The discussion in this annotation is closed.
DevOps security in Defender for Cloud reactivates an annotation if the security issue isn't fixed in a new iteration.
Learn more
Learn more about DevOps security in Defender for Cloud.
Learn how to Discover misconfigurations in Infrastructure as Code.
Next steps
Now learn more about DevOps security in Defender for Cloud.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for