Integrate Defender for Cloud CLI with Popular CI/CD Tools

December 2024 Update 2

Sensitivity scanning capabilities now include Azure file shares
December 17, 2024

Defender for Cloud's Security Posture Management (CSPM) sensitivity scanning capabilities now include Azure file shares in GA in addition to blob containers.

Before this update, enabling the Defender CSPM plan on a subscription would automatically scan blob containers within storage accounts for sensitive data. With this update, Defender for CSPM's sensitivity scanning feature now includes file shares within those storage accounts. This enhancement improves the risk assessment and protection of sensitive storage accounts, providing a more comprehensive analysis of potential risks.

Integrate Defender for Cloud CLI with Popular CI/CD Tools
Defender for Cloud CLI scanning integration with popular CI/CD tools in Microsoft Defender for Cloud is now available for public preview. The CLI can now be incorporated into CI/CD pipelines to scan and identify security vulnerabilities in containerized source code. This feature assists development teams in detecting and addressing code vulnerabilities during pipeline execution. It requires authentication to Microsoft Defender for Cloud and modifications to the pipeline script. Scan results will be uploaded to Microsoft Defender for Cloud, allowing security teams to view and correlate them with containers in the container registry. This solution delivers continuous and automated insights to expedite risk detection and response, ensuring security without disrupting workflows.

Use cases:

• Pipeline scanning within CI/CD tools: Securely monitor all pipelines that invoke the CLI.
• Early vulnerability detection: Results are published in the pipeline and sent to Microsoft Defender for Cloud.
• Continuous security insights: Maintain visibility and respond swiftly across development cycles without hindering productivity.