Extension for Azure DevOps that shows the number of open security alerts from GitHub Advanced Security for Azure DevOps, for the configured repository. Please install it and let me know what you think! Create an issue for feedback or feature requests.
Install from the marketplace: https://marketplace.visualstudio.com/items?itemName=RobBos.GHAzDoWidget
- Show all three alert counts in one widget in 2 by 1 layout
- Split it into three separate widgets with just the single value you scan for (1x1 or 2x1)
- Show a trend line of all alerts in the last 3 weeks (2x2,3x2,4x2)
- Show a pie chart with the distribution of alerts based on the severity level (2x2,3x2,4x2)
Note: only project level dashboards are supported at the moment.
This extension also adds a dashboard to the menu that shows the overall status of the entire project. All alerts from all repositories are loaded and shown in a single dashboard.
- Advanced-Security-Review: lets you check the pull request for newly introduced alerts from Dependency Scanning or Code Scanning (configurable). If new alerts are introduced, the task will fail.
Note:
- Needs to run in a PR context, or it will be skipped.
- The DependencyScanTask needs to have run on the source branch of the PR before the PR check runs
If new alerts are found in the source branch (compared to the target branch), the task will fail:
Please report issues, feature request, and feedback here: https://github.com/rajbos/GHAzDo-widget.