This article provides more information on how to resolve the "Security impact considered in merge requests (AzureDevOps)" test.
How to Fix
- Set a default template for pull requests requiring committers and reviewers to evaluate the security impact of their changes.
Follow Azure's instructions for adding a default template here. You can use our recommended templates for pull requests and new tickets, or use your own.
Common Reasons For Failure:
Your Azure DevOps pull requests don't include the security impact of feature changes.
What Vanta is checking:
- Vanta is explicitly checking that one of the following exists in your Azure DevOps environment.
"/.azuredevops/pull_request_template.md"
"/.azuredevops/pull_request_template.txt"
"/.vsts/pull_request_template.md"
"/.vsts/pull_request_template.txt"
"/docs/pull_request_template.md"
"/docs/pull_request_template.txt"
"/pull_request_template.md"
"/pull_request_template.txt"
The file must exist in one of these locations. If having the templates in one of these locations does not work for your workflows, we recommend deactivating monitoring for this test, and providing manual evidence to show auditors where you are applying your default template for merge requests!
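To confirm a repository before the test runs, the script below looks in a local clone's working tree for the eight locations listed above. It is an added example, not Vanta's or Azure's code; the function names and the "security" keyword check are assumptions that go beyond the existence check described here, and the file still has to be committed and pushed to count.

```shell
#!/bin/sh
# Added example: pre-check a local clone for the template locations above.
# Function names and the "security" keyword heuristic are assumptions;
# the article says only that the file's existence is checked.

# The eight locations from the article, relative to the repository root.
TEMPLATE_PATHS='.azuredevops/pull_request_template.md
.azuredevops/pull_request_template.txt
.vsts/pull_request_template.md
.vsts/pull_request_template.txt
docs/pull_request_template.md
docs/pull_request_template.txt
pull_request_template.md
pull_request_template.txt'

# Print each listed path that exists as a regular file under repo root $1.
find_pr_templates() {
    printf '%s\n' "$TEMPLATE_PATHS" | while IFS= read -r rel; do
        if [ -f "$1/$rel" ]; then printf '%s\n' "$rel"; fi
    done
}

# Exit codes: 0 = a template exists and mentions security,
#             1 = no template in any location (the monitored condition),
#             2 = template(s) exist but none mentions security.
check_pr_template() {
    found=$(find_pr_templates "$1")
    if [ -z "$found" ]; then
        echo "FAIL: no pull request template in any checked location" >&2
        return 1
    fi
    status=2
    for rel in $found; do   # listed paths contain no whitespace
        if grep -qi 'security' "$1/$rel"; then
            echo "OK: $rel mentions security"
            status=0
        else
            echo "WARN: $rel exists but never mentions security" >&2
        fi
    done
    return "$status"
}

# Run against a clone when a path is given: sh check_template.sh /path/to/repo
if [ "$#" -gt 0 ]; then check_pr_template "$1"; fi
```

An exit code of 2 means the file is present but the template never prompts for security impact, which is the gap the "How to Fix" step is meant to close.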