| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1605 - Developer Security Testing And Evaluation | Static Code Analysis | ||
| Id | 0062eb8b-dc75-4718-8ea5-9bb4a9606655 | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this System and Services Acquisition control | ||
| Additional metadata |
Name/Id: ACF1605 / Microsoft Managed Control 1605 Category: System and Services Acquisition Title: Developer Security Testing And Evaluation | Static Code Analysis Ownership: Customer, Microsoft Description: The organization requires the developer of the information system, system component, or information system service to employ static code analysis tools to identify common flaws and document the results of the analysis. Requirements: Code reviews are performed as part of the Microsoft Security Development Lifecycle (SDL), including using automated tools. All release builds are run through virus scanning checks and the results are resolved prior to release into production. Automated code analysis tools such as BinSkim, Credential Scanner (CredScan), and other tools are run as determined by the SDL requirements. CredScan is utilized on all official builds in all build pipelines, and either breaking the build process preventing production use or creating work items assigned to the Azure service team for remediation. Malware identification is run on all builds in all pipelines, and it breaks the build if issues are found. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|