This repository was archived by the owner on Apr 6, 2026. It is now read-only.

Reimplemented Dev Center - Dev Box Definitions using AzAPI #12

	name: Azure Terraform Security Scan

	on:
	pull_request:
	paths:
	- '**.tf'
	- '**.tfvars'
	- '.github/workflows/terraform-security-msdo.yml'

	permissions:
	contents: read
	security-events: write
	pull-requests: write
	id-token: write

	jobs:
	security-scan:
	name: MSDO Security Scan
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.event.pull_request.head.sha }}
	- uses: microsoft/security-devops-action@v1.12.0
	id: msdo
	with:
	tools: checkov,terrascan,trivy
	policy: microsoft
	categories: IaC
	- uses: github/codeql-action/upload-sarif@v3
	if: success() \|\| failure()
	with:
	sarif_file: ${{ steps.msdo.outputs.sarifFile }}

Provide feedback