This article provides more information on how to resolve Security impact considered in merge requests (AzureDevOps).
How to Fix:
- Use the the instructions here to implement our recommended template (or your own).
What Vanta is checking:
- Vanta is explicitly checking that one of the following exists in your Azure DevOps environment.
"/.azuredevops/pull_request_template.md"
"/.azuredevops/pull_request_template.txt"
"/.vsts/pull_request_template.md"
"/.vsts/pull_request_template.txt"
"/docs/pull_request_template.md"
"/docs/pull_request_template.txt"
"/pull_request_template.md"
"/pull_request_template.txt"
The file must exist in one of these locations. If having the templates in one of these locations does not work for your workflows, we recommend deactivating monitoring for this test, and providing manual evidence to show auditors where you are applying your default template for merge requests!