last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1605 - Developer Security Testing And Evaluation | Static Code Analysis | Regulatory Compliance - System and Services Acquisition

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1605 - Developer Security Testing And Evaluation | Static Code Analysis
Id 0062eb8b-dc75-4718-8ea5-9bb4a9606655
Version 1.0.0
Category Regulatory Compliance
Description Microsoft implements this System and Services Acquisition control
Additional metadata Name/Id: ACF1605 / Microsoft Managed Control 1605
Category: System and Services Acquisition
Title: Developer Security Testing And Evaluation | Static Code Analysis
Ownership: Customer, Microsoft
Description: The organization requires the developer of the information system, system component, or information system service to employ static code analysis tools to identify common flaws and document the results of the analysis.
Requirements: Code reviews are performed as part of the Microsoft Security Development Lifecycle (SDL), including using automated tools. All release builds are run through virus scanning checks and the results are resolved prior to release into production. Automated code analysis tools such as BinSkim, Credential Scanner (CredScan), and other tools are run as determined by the SDL requirements. CredScan is utilized on all official builds in all build pipelines, and it either breaks the build process, preventing production use, or creates work items assigned to the Azure service team for remediation. Malware identification is run on all builds in all pipelines, and it breaks the build if issues are found.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed: audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a