Trivy dependency scanning for code repositories (Update)

September 2025

September 11, 2025

  • Defender for Cloud now includes open-source dependency vulnerability scanning powered by Trivy in filesystem mode. This helps you strengthen security by automatically detecting operating system and library vulnerabilities across GitHub and Azure DevOps repositories.

Where it applies:

  • In-pipeline (CLI) scanning.
  • Agentless code scanning (preview).

What to do:

  • For Azure DevOps or GitHub, create or edit a connector.
  • For in-pipeline scanning, add the Microsoft Security DevOps (MSDO) CLI tool to your pipeline definition.

Where results appear:

  • Pipeline logs and SARIF files.
  • Defender for Cloud recommendations:
  1. Azure DevOps repositories should have dependency vulnerability scanning findings resolved
  2. GitHub repositories should have dependency vulnerability scanning findings resolved
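
Because in-pipeline results are written to SARIF files, a later pipeline step can read that file and fail the build on high-severity dependency findings. The following Python is an added example, not part of the original update or of Microsoft's tooling; it assumes SARIF 2.1.0 output whose tool driver is named "Trivy", and the sample log, rule ids, paths and function names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample: a minimal SARIF 2.1.0 log shaped like a dependency scan.
# Rule ids, package names and paths are placeholders, not real findings.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "Trivy", "rules": [
            {"id": "CVE-0000-0001", "defaultConfiguration": {"level": "error"}},
            {"id": "CVE-0000-0002", "defaultConfiguration": {"level": "warning"}},
        ]}},
        "results": [
            {"ruleId": "CVE-0000-0001", "message": {"text": "examplelib 1.0.0"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/package-lock.json"}}}]},
            {"ruleId": "CVE-0000-0002", "level": "note", "message": {"text": "otherlib 2.3.1"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/requirements.txt"}}}]},
            {"ruleId": "CVE-0000-0003", "message": {"text": "thirdlib 0.9"}},
        ],
    }],
})

def dependency_findings(sarif_text, tool_name="trivy"):
    """Return (rule_id, level, manifest_uri, message) for each result from tool_name."""
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        if tool_name not in driver.get("name", "").lower():  # assumed driver name
            continue
        # A result may omit "level"; SARIF falls back to the rule default, then "warning".
        defaults = {r["id"]: r.get("defaultConfiguration", {}).get("level", "warning")
                    for r in driver.get("rules", []) if "id" in r}
        for res in run.get("results", []):
            rule_id = res.get("ruleId", "<no-rule-id>")
            level = res.get("level") or defaults.get(rule_id, "warning")
            locs = res.get("locations") or [{}]
            uri = (locs[0].get("physicalLocation", {})
                          .get("artifactLocation", {}).get("uri", "<unknown>"))
            findings.append((rule_id, level, uri, res.get("message", {}).get("text", "")))
    return findings

def gate(findings, fail_levels=("error",)):
    """Return (exit_code, counts_by_level); exit code is 1 if any finding is at a failing level."""
    counts = Counter(level for _, level, _, _ in findings)
    return (1 if any(counts[lvl] for lvl in fail_levels) else 0), dict(counts)

if __name__ == "__main__":
    found = dependency_findings(SAMPLE_SARIF)
    for rule_id, level, uri, msg in found:
        print(f"{level:8} {rule_id:15} {uri}  {msg}")
    print(gate(found))
```

The effective level matters for gating: a result without its own `level` inherits the rule's default, so filtering only on `result.level` would miss the first finding in the sample.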

If you use GitHub Advanced Security dependency scanning, Defender for Cloud now enhances those results rather than replacing them.
Effective date: September 15, 2025.

Version: September 2025