Wednesday, February 22, 2023

Scan Code in Azure DevOps Build Pipelines Using Microsoft Security DevOps

Static code analysis finds security vulnerabilities in source code without running the software, so they can be fixed before release. This post explains how to integrate Microsoft Security DevOps into a build pipeline, where it installs and configures static code analysis tools to run against your source code.

Pre-requisites: 

  • Azure DevOps build pipeline
  • Build agent with .NET 6 (for the MicrosoftSecurityDevOps build task) and .NET Core 3.1 (for the CredScan analyzer) installed