Resolve 'Security impact considered in merge requests (AzureDevops)' test

  • Updated

This article provides more information on how to resolve Security impact considered in merge requests (AzureDevOps) test.

How to Fix

Common Reasons For Failure:

Your AzureDevops pull requests don't include the security impact of feature changes.

 

What Vanta is checking:

  • Vanta is explicitly checking that one of the following exists in your Azure DevOps environment.
"/.azuredevops/pull_request_template.md"
"/.azuredevops/pull_request_template.txt"
"/.vsts/pull_request_template.md"
"/.vsts/pull_request_template.txt"
"/docs/pull_request_template.md"
"/docs/pull_request_template.txt"
"/pull_request_template.md"
"/pull_request_template.txt"

The file must exist in one of these locations. If having the templates in one of these locations does not work for your workflows, we recommend deactivating monitoring for this test, and providing manual evidence to show auditors where you are applying your default template for merge requests!