I'm curious if anyone here has had experience with the DevOps Security feature in Defender for Cloud. How effective is it? We're planning to implement it in our environment, and I'd love to hear your insights and backgrounds about your experiences with it. Any thoughts would be appreciated!
4 Answers
Honestly, I found it pretty useless. You don't really need it to benefit from Azure DevOps Advanced Security or GitHub Advanced Security. A lot of recommendations seem to be more about upselling you on features than providing real help. Connecting it to DevOps didn’t seem worth it for me at all.
I've tried using it a couple of times and ran into multiple issues. The installation kept failing, secret scanning didn’t detect any sensitive data I committed, and the pull request annotations seemed to work only once. Even GitHub Advanced Security didn’t flag major vulnerabilities I purposely added to test it out. Now I can’t even install it anymore because it claims I don’t have the Defender plan activated, even though I do. I'm pretty much over it; it feels completely useless to me.
I had a pilot program with it ages ago. It worked but honestly, you can find most of the tools it offers as open source alternatives that you can just integrate yourself. For example, container scanning uses Trivy and IaC scanning is done with TemplateAnalyzer. I personally go with MegaLinter in my projects, and while I miss out on the unified dashboard, I don’t think it’s worth the investment for what you get.
It seems like a dead product to me. I've opened a GitHub issue that’s been sitting there for months without any response from support. I followed all the documentation for setting it up in pipelines, and it never worked. It’s been really frustrating.
Related Questions
Daily Protein Intake Calculator
Daily Calorie Intake Calculator
BMI Calculator – Check Your Body Mass Index Instantly
Scavenger Hunt Team Randomizer
Student Group Randomizer
Random Group Generator