Monitor Deep Dive - Security impact considered in merge requests (AzureDevops)

  • Updated

This article provides more information on how to resolve Security impact considered in merge requests (AzureDevOps).

How to Fix:

What Vanta is checking: 

  • Vanta is explicitly checking that one of the following exists in your Azure DevOps environment.
"/.azuredevops/pull_request_template.md"
"/.azuredevops/pull_request_template.txt"
"/.vsts/pull_request_template.md"
"/.vsts/pull_request_template.txt"
"/docs/pull_request_template.md"
"/docs/pull_request_template.txt"
"/pull_request_template.md"
"/pull_request_template.txt"

The file must exist in one of these locations. If having the templates in one of these locations does not work for your workflows, we recommend deactivating monitoring for this test, and providing manual evidence to show auditors where you are applying your default template for merge requests!

 

Was this article helpful?

Have more questions? Submit a request