Build: Add Microsoft Security DevOps action to pipelines
johnemau opened this issue · comments
John (he/him) commented
I propose adding Microsoft Security DevOps (MSDO) Github action to webhint pipelines.
MSDO is a tool aggregator that runs multiple static analysis tools against a code base identifying anti-patterns and known vulnerabilities (similar to webhint). We would benefit most from MSDO's ESlint SDL.
Adding MSDO would help secure webhint and webhint consumers.
Implemented in: #5177
John (he/him) commented
There is a blocking bug upstream preventing this issue from moving forward: microsoft/security-devops-action#21