Merge pull request #223394 from TerryLanfear/sec-230105

jborsecnik · web-flow · commit a772fb46324b · 2023-01-11T16:03:58.000-08:00
Updating
diff --git a/articles/defender-for-cloud/azure-devops-extension.md b/articles/defender-for-cloud/azure-devops-extension.md
@@ -8,6 +8,9 @@ ms.custom: ignite-2022
 
 # Configure the Microsoft Security DevOps Azure DevOps extension
 
+> [!Note]
+> Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension is retired. MSCA is replaced by the Microsoft Security DevOps Azure DevOps extension. MSCA customers should follow the instructions in this article to install and configure the extension.
+
 Microsoft Security DevOps is a command line application that integrates static analysis tools into the development lifecycle. Microsoft Security DevOps installs, configures, and runs the latest versions of static analysis tools (including, but not limited to, SDL/security and compliance tools). Microsoft Security DevOps is data-driven with portable configurations that enable deterministic execution across multiple environments.
 
 The Microsoft Security DevOps uses the following Open Source tools:
diff --git a/articles/security/develop/security-code-analysis-customize.md b/articles/security/develop/security-code-analysis-customize.md
@@ -2,10 +2,10 @@
 title: Customize Microsoft Security Code Analysis tasks
 titleSuffix: Azure
 description: This article describes customizing the tasks in the Microsoft Security Code Analysis extension
-author: sukhans
+author: TerryLanfear
 manager: sukhans
 ms.author: terrylan
-ms.date: 04/18/2022
+ms.date: 01/09/2023
 ms.topic: article
 ms.service: security
 services: azure
@@ -18,7 +18,7 @@ ms.workload: na
 # Configure and customize the build tasks
 
 > [!Note]
-> Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension will be retired. Existing MSCA customers will retain their access to MSCA through December 31, 2022. Please refer to the [OWASP Source Code Analysis Tools](https://owasp.org/www-community/Source_Code_Analysis_Tools) for alternative options in Azure DevOps. For customers planning to migrate to GitHub, you can check out [GitHub Advanced Security](https://docs.github.com/github/getting-started-with-github/about-github-advanced-security).
+> Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension is retired. MSCA is replaced by the [Microsoft Security DevOps Azure DevOps extension](/azure/defender-for-cloud/azure-devops-extension). Follow the instructions in [Configure](/azure/defender-for-cloud/azure-devops-extension) to install and configure the extension.
 
 This article describes in detail the configuration options available in each of the build tasks. The article starts with the tasks for security code analysis tools. It ends with the post-processing tasks.
 
diff --git a/articles/security/develop/security-code-analysis-faq.yml b/articles/security/develop/security-code-analysis-faq.yml
@@ -2,10 +2,10 @@
 metadata:
   title: Microsoft Security Code Analysis documentation FAQ | Azure
   description: Learn about the Microsoft Security Code Analysis extension by reviewing frequently asked questions (FAQs).
-  author: sukhans
+  author: TerryLanfear
   manager: sukhans
   ms.author: terrylan
-  ms.date: 04/18/2022
+  ms.date: 01/09/2023
   ms.topic: faq
   ms.service: information-protection
   services: azure
@@ -16,9 +16,7 @@ metadata:
 title: Frequently asked questions | Azure
 summary: |
   > [!Note]
-  > Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension will be retired. Existing MSCA customers will retain their access to MSCA through December 31, 2022. Refer to the [OWASP Source Code Analysis Tools](https://owasp.org/www-community/Source_Code_Analysis_Tools) for alternative options in Azure DevOps. For customers planning to migrate to GitHub, you can check out [GitHub Advanced Security](https://docs.github.com/github/getting-started-with-github/about-github-advanced-security).
-  
-  Got questions? Check out the following FAQ for more information.
+  > Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension is retired. MSCA is replaced by the [Microsoft Security DevOps Azure DevOps extension](/azure/defender-for-cloud/azure-devops-extension). Follow the instructions in [Configure](/azure/defender-for-cloud/azure-devops-extension) to install and configure the extension.
   
 
 sections:
diff --git a/articles/security/develop/security-code-analysis-onboard.md b/articles/security/develop/security-code-analysis-onboard.md
@@ -1,10 +1,10 @@
 ---
 title: Microsoft Security Code Analysis onboarding guide
 description: Learn how to onboard and install the Microsoft Security Code Analysis extension. See prerequisites and view additional resources.
-author: sukhans
+author: TerryLanfear
 manager: sukhans
 ms.author: terrylan
-ms.date: 04/18/2022
+ms.date: 01/09/2023
 ms.topic: article
 ms.service: security
 services: azure
@@ -17,7 +17,7 @@ ms.workload: na
 # Onboarding and installing
 
 > [!Note]
-> Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension will be retired. Existing MSCA customers will retain their access to MSCA through December 31, 2022. Please refer to the [OWASP Source Code Analysis Tools](https://owasp.org/www-community/Source_Code_Analysis_Tools) for alternative options in Azure DevOps. For customers planning to migrate to GitHub, you can check out [GitHub Advanced Security](https://docs.github.com/github/getting-started-with-github/about-github-advanced-security).
+> Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension is retired. MSCA is replaced by the [Microsoft Security DevOps Azure DevOps extension](/azure/defender-for-cloud/azure-devops-extension). Follow the instructions in [Configure](/azure/defender-for-cloud/azure-devops-extension) to install and configure the extension.
 
 Prerequisites to getting started with Microsoft Security Code Analysis:
 
diff --git a/articles/security/develop/security-code-analysis-overview.md b/articles/security/develop/security-code-analysis-overview.md
@@ -1,10 +1,10 @@
 ---
 title: Microsoft Security Code Analysis documentation overview
 description: Learn about the Microsoft Security Code Analysis extension. With this extension, you can add security code analysis to Azure DevOps CI/ID pipelines.
-author: sukhans
+author: TerryLanfear
 manager: sukhans
 ms.author: terrylan
-ms.date: 04/18/2022
+ms.date: 01/09/2023
 ms.topic: article
 ms.service: security
 services: azure
@@ -16,7 +16,7 @@ ms.workload: na
 # About Microsoft Security Code Analysis
 
 > [!Note]
-> Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension will be retired. Existing MSCA customers will retain their access to MSCA through December 31, 2022. Please refer to the [OWASP Source Code Analysis Tools](https://owasp.org/www-community/Source_Code_Analysis_Tools) for alternative options in Azure DevOps. For customers planning to migrate to GitHub, you can check out [GitHub Advanced Security](https://docs.github.com/github/getting-started-with-github/about-github-advanced-security).
+> Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension is retired. MSCA is replaced by the [Microsoft Security DevOps Azure DevOps extension](/azure/defender-for-cloud/azure-devops-extension). Follow the instructions in [Configure](/azure/defender-for-cloud/azure-devops-extension) to install and configure the extension.
 
 With the Microsoft Security Code Analysis extension, teams can add security code analysis to their Azure DevOps continuous integration and delivery (CI/CD) pipelines. This analysis is recommended by the [Secure Development Lifecycle (SDL)](https://www.microsoft.com/securityengineering/sdl/practices) experts at Microsoft.
 
diff --git a/articles/security/develop/security-code-analysis-releases.md b/articles/security/develop/security-code-analysis-releases.md
@@ -1,10 +1,10 @@
 ---
 title: Microsoft Security Code Analysis releases
 description: This article describes upcoming releases for the Microsoft Security Code Analysis extension
-author: sukhans
+author: TerryLanfear
 manager: sukhans
 ms.author: terrylan
-ms.date: 04/18/2022
+ms.date: 01/09/2023
 ms.topic: article
 ms.service: security
 services: azure
@@ -17,7 +17,7 @@ ms.workload: na
 # Microsoft Security Code Analysis releases and roadmap
 
 > [!Note]
-> Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension will be retired. Existing MSCA customers will retain their access to MSCA through December 31, 2022. Please refer to the [OWASP Source Code Analysis Tools](https://owasp.org/www-community/Source_Code_Analysis_Tools) for alternative options in Azure DevOps. For customers planning to migrate to GitHub, you can check out [GitHub Advanced Security](https://docs.github.com/github/getting-started-with-github/about-github-advanced-security).
+> Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension is retired. MSCA is replaced by the [Microsoft Security DevOps Azure DevOps extension](/azure/defender-for-cloud/azure-devops-extension). Follow the instructions in [Configure](/azure/defender-for-cloud/azure-devops-extension) to install and configure the extension.
 
 Microsoft Security Code Analysis team in partnership with Developer Support is proud to announce recent and upcoming enhancements to our MSCA extension.
 
diff --git a/articles/security/develop/yaml-configuration.md b/articles/security/develop/yaml-configuration.md
@@ -1,10 +1,10 @@
 ---
 title: Microsoft Azure Security Code Analysis task customization guide
 description: This article describes lists YAML configuration options for customizing all tasks in the Microsoft Security Code Analysis extension
-author: sukhans
+author: TerryLanfear
 manager: sukhans
 ms.author: terrylan
-ms.date: 04/18/2022
+ms.date: 01/09/2023
 ms.topic: article
 ms.service: security
 services: azure
@@ -16,7 +16,7 @@ ms.workload: na
 # YAML configuration options to customize the build tasks
 
 > [!Note]
-> Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension will be retired. Existing MSCA customers will retain their access to MSCA through December 31, 2022. Please refer to the [OWASP Source Code Analysis Tools](https://owasp.org/www-community/Source_Code_Analysis_Tools) for alternative options in Azure DevOps. For customers planning to migrate to GitHub, you can check out [GitHub Advanced Security](https://docs.github.com/github/getting-started-with-github/about-github-advanced-security).
+> Effective December 31, 2022, the Microsoft Security Code Analysis (MSCA) extension is retired. MSCA is replaced by the [Microsoft Security DevOps Azure DevOps extension](/azure/defender-for-cloud/azure-devops-extension). Follow the instructions in [Configure](/azure/defender-for-cloud/azure-devops-extension) to install and configure the extension.
 
 This article lists all YAML configuration options available in each of the build tasks. The article starts with the tasks for security code analysis tools. It ends with the post-processing tasks.
 
@@ -95,7 +95,7 @@ This article lists all YAML configuration options available in each of the build
 |------------|---------------|-----------------------|----------|---------------------------|----------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | RuleLibrary | pickList | always | True | tslint | custom, microsoft, tslint | All results include the rules shipped with the selected version of TSLint (**Base Only**).<br/><br/>**Base Only -** Only the rules shipped with TSLint.<br/><br/>**Include Microsoft Rules -** Downloads [tslint-microsoft-contrib](https://github.com/Microsoft/tslint-microsoft-contrib) and includes its rules to be available for use in the TSLint run. Choosing this option hides the `Type Checking` checkbox, as it is required by Microsoft's rules and will automatically be used. It also unhides the `Microsoft Contribution Version` field, allowing a version of the `tslint-microsoft-contrib` from [npm](https://www.npmjs.com/package/tslint-microsoft-contrib) to be selected.<br/><br/>**Include Custom Rules -** Unhides the `Rules Directory` field, which accepts an accessible path to a directory of TSLint rules to be available for use in the TSLint run.<br/><br/>**Note:** The default value has changed to tslint, as many users have experienced issues configuring the Microsoft ruleset. For specific version configuration, please see [tslint-microsoft-contrib on GitHub](https://github.com/microsoft/tslint-microsoft-contrib).
 | RulesDirectory | string | RuleLibrary == custom | True |  |  | An accessible directory containing additional TSLint rules to be available for use in the TSLint run.
-| Ruleset | pickList | RuleLibrary != microsoft | True | tsrecommended | custom, tslatest, tsrecommended | Defines the rules to run against TypeScript files.<br/><br/>**[tslint:latest](https://github.com/palantir/tslint/blob/master/src/configs/latest.ts) -** Extends `tslint:recommended` and is continuously updated to include configuration for the latest rules in every TSLint release. Using this config may introduce breaking changes across minor releases as a new rules are enabled which cause lint failures in your code. When TSLint reaches a major version bump, `tslint:recommended` will be updated to be identical to `tslint:latest`.<br/><br/>**[tslint:recommended](https://github.com/palantir/tslint/blob/master/src/configs/recommended.ts) -** A stable, somewhat opinionated set of rules which TSLint encourages for general TypeScript programming. This configuration follows `semver`, so it will *not* have breaking changes across minor or patch releases.
+| Ruleset | pickList | RuleLibrary != microsoft | True | tsrecommended | custom, tslatest, tsrecommended | Defines the rules to run against TypeScript files.<br/><br/>**[tslint:latest](https://github.com/palantir/tslint/blob/master/src/configs/latest.ts) -** Extends `tslint:recommended` and is continuously updated to include configuration for the latest rules in every TSLint release. Using this config may introduce breaking changes across minor releases as new rules are enabled which cause lint failures in your code. When TSLint reaches a major version bump, `tslint:recommended` will be updated to be identical to `tslint:latest`.<br/><br/>**[tslint:recommended](https://github.com/palantir/tslint/blob/master/src/configs/recommended.ts) -** A stable, somewhat opinionated set of rules which TSLint encourages for general TypeScript programming. This configuration follows `semver`, so it will *not* have breaking changes across minor or patch releases.
 | RulesetMicrosoft | pickList | RuleLibrary == microsoft | True | mssdlrequired | custom, msrecommended, mssdlrecommended, mssdlrequired, tslatest, tsrecommended | Defines the rules to run against TypeScript files.<br/><br/>**[microsoft:sdl-required](https://github.com/Microsoft/tslint-microsoft-contrib/wiki/TSLint-and-the-Microsoft-Security-Development-Lifecycle) -** Run all of the available checks provided by tslint and the tslint-microsoft-contrib rules that satisfy the *required* [Security Development Lifecycle (SDL)](https://www.microsoft.com/sdl/) policies.<br/><br/>**[microsoft:sdl-recommended](https://github.com/Microsoft/tslint-microsoft-contrib/wiki/TSLint-and-the-Microsoft-Security-Development-Lifecycle) -** Run all of the available checks provided by tslint and the tslint-microsoft-contrib rules that satisfy the *required and recommended* [Security Development Lifecycle (SDL)](https://www.microsoft.com/sdl/) policies.<br/><br/>**microsoft:recommended** All checks that are recommended by the creators of the tslint-microsoft-contrib rules. This includes security and non-security checks.<br/><br/>**[tslint:latest](https://github.com/palantir/tslint/blob/master/src/configs/latest.ts) -** Extends `tslint:recommended` and is continuously updated to include configuration for the latest rules in every TSLint release. Using this config may introduce breaking changes across minor releases as a new rules are enabled which cause lint failures in your code. When TSLint reaches a major version bump, `tslint:recommended` will be updated to be identical to `tslint:latest`.<br/><br/>**[tslint:recommended](https://github.com/palantir/tslint/blob/master/src/configs/recommended.ts) -** A stable, somewhat opinionated set of rules which TSLint encourages for general TypeScript programming. This configuration follows `semver`, so it will *not* have breaking changes across minor or patch releases.
 | RulesetFile | string | Ruleset == custom OR RulesetMicrosoft == custom | True |  |  | A [configuration file](https://palantir.github.io/tslint/usage/cli/) specifying which rules to run.<br/><br/>The path to the config will be added as the path for [custom rules](https://palantir.github.io/tslint/develop/custom-rules/).
 | FileSelectionType | pickList | always | True | fileGlob | fileGlob, projectFile | 
@@ -107,8 +107,8 @@ This article lists all YAML configuration options available in each of the build
 | OutputFormat | pickList | always | True | json | checkstyle, codeFrame, filesList, json, msbuild, pmd, prose, stylish, verbose, vso | The [formatter](https://palantir.github.io/tslint/formatters/) to use to generate output. Note that the JSON format is compatible with Post Analysis.
 | NodeMemory | string | always | False |  |  | An explicit amount of memory in MBs to allocate to node for running TSLint. Example: 8000<br/><br/>Maps to the `--max_old_space=<value>` CLI option for node, which is a `v8 option`.
 | ToolVersion | pickList | RuleLibrary != microsoft | True | latest | 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.2.0, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.5.0, 4.5.1, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.3.2, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.5.0, latest | The [version](https://github.com/palantir/tslint/releases) of TSLint to download and run.
-| TypeScriptVersion | pickList | always | True | latest | 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.9.0, 0.9.1, 0.9.5, 0.9.7, 1.0.0, 1.0.1, 1.3.0, 1.4.1, 1.5.3, 1.6.2, 1.7.3, 1.7.5, 1.8.0, 1.8.10, 1.8.2, 1.8.5, 1.8.6, 1.8.7, 1.8.9, 1.9.0, 2.0.0, 2.0.10, 2.0.2, 2.0.3, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.1.1, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, custom, latest | The version of [typescript](https://www.npmjs.com/package/typescript) to download and use.<br/>**Note:** This needs to be the same version of TypeScript as is used to compile your code.
-| TypeScriptVersionCustom | string | TypeScriptVersion == custom | True | latest |  | The version of [typescript](https://www.npmjs.com/package/typescript) to download and use.<br/>**Note:** This needs to be the same version of TypeScript as is used to compile your code.
+| TypeScriptVersion | pickList | always | True | latest | 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.9.0, 0.9.1, 0.9.5, 0.9.7, 1.0.0, 1.0.1, 1.3.0, 1.4.1, 1.5.3, 1.6.2, 1.7.3, 1.7.5, 1.8.0, 1.8.10, 1.8.2, 1.8.5, 1.8.6, 1.8.7, 1.8.9, 1.9.0, 2.0.0, 2.0.10, 2.0.2, 2.0.3, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.1.1, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, custom, latest | The version of [TypeScript](https://www.npmjs.com/package/typescript) to download and use.<br/>**Note:** This needs to be the same version of TypeScript as is used to compile your code.
+| TypeScriptVersionCustom | string | TypeScriptVersion == custom | True | latest |  | The version of [TypeScript](https://www.npmjs.com/package/typescript) to download and use.<br/>**Note:** This needs to be the same version of TypeScript as is used to compile your code.
 | MicrosoftContribVersion | pickList | RuleLibrary == microsoft |  | latest | 4.0.0, 4.0.1, 5.0.0, 5.0.1, latest | The version of [tslint-microsoft-contrib](https://www.npmjs.com/package/tslint-microsoft-contrib) (SDL Rules) to download and use.</br>**Note:** The version of [tslint](https://www.npmjs.com/package/tslint) will be chosen that is compatible with the version chosen for tslint-microsoft-contrib. Updates to tslint-microsoft-contrib will be gated by this build task, until a period of testing can occur.
 
 ## Publish Security Analysis Logs task
@@ -161,4 +161,4 @@ This article lists all YAML configuration options available in each of the build
 
 ## Next steps
 
-If you have further questions about the Security Code Analysis extension and the tools offered, check out [our FAQ page](security-code-analysis-faq.yml).
+If you have further questions about the Security Code Analysis extension and the tools offered, check out [our FAQ page](security-code-analysis-faq.yml).
