Security findings for GitHub repositories without GitHub Advanced Security is now GA

Security findings for GitHub repositories without GitHub Advanced Security is now GA
October 21, 2024

The ability to receive security findings for infrastructure-as-code (IaC) misconfigurations, container vulnerabilities, and code weaknesses for GitHub repositories without GitHub Advanced Security is now generally available.

Note that secret scanning, code scanning using GitHub CodeQL, and dependency scanning still require GitHub Advanced Scanning.

To learn more about required licenses, see the DevOps support page. To learn how to onboard your GitHub environment to Defender for Cloud, follow the GitHub onboarding guide. To learn how to configure the Microsoft Security DevOps GitHub Action, see our GitHub Action documentation.