You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/defender-partner-applications.md
+8-6Lines changed: 8 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,11 +10,11 @@ ms.date: 11/15/2023
10
10
11
11
# Partner applications in Microsoft Defender for Cloud for API security testing (preview)
12
12
13
-
Microsoft Defender for Cloud supports third-party tools to help enhance the existing runtime security capabilities that are provided by Defender for APIs. Defender for Cloud supports proactive API security testing capabilities in early stages of the development lifecycle (including DevOps pipelines).
13
+
Microsoft Defender for Cloud supports third-party tools to help enhance the existing runtime security capabilities that are provided by Defender for APIs. Defender for Cloud supports proactive API security testing capabilities in early stages of the development lifecycle (including source code repositories & CI/CD pipelines).
14
14
15
15
## Overview
16
16
17
-
The support for third-party solutions helps to further streamline, integrate, and orchestrate security findings from other vendors with Microsoft Defender for Cloud. This support enables full lifecycle API security, and the ability for security teams to effectively discover and remediate API security vulnerabilities before they are deployed in production.
17
+
The support for third-party solutions helps to further streamline, integrate, and orchestrate security findings from partner solutions with Microsoft Defender for Cloud. This support enables full lifecycle API security, and the ability for security teams to effectively discover and remediate API security vulnerabilities before they are deployed in production.
18
18
19
19
The security scan results from partner applications are now available within Defender for Cloud, ensuring that central security teams have visibility into the health of APIs within the Defender for Cloud recommendation experience. These security teams can now take governance steps that are natively available through Defender for Cloud recommendations, and extensibility to export scan results from the Azure Resource Graph into management tools of their choice.
20
20
@@ -29,13 +29,15 @@ This feature requires a GitHub connector in Defender for Cloud. See [how to onbo
29
29
| Release state | Preview <br> The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include other legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.|
30
30
| Required/preferred environmental requirements | APIs within source code repository, including API specification files such as OpenAPI, Swagger. |
31
31
| Clouds | Available in commercial clouds. Not available in national/sovereign clouds (Azure Government, Microsoft Azure operated by 21Vianet). |
32
-
| Source code management systems |GitHub-supported versions: GitHub Free, Pro, Team, and GitHub Enterprise Cloud. This also requires a license for GitHub Advanced Security (GHAS). |
32
+
| Source code management systems |[GitHub Enterprise Cloud](https://docs.github.com/enterprise-cloud@latest/admin/overview/about-github-enterprise-cloud). This also requires a license for GitHub Advanced Security (GHAS). <br> <br > [Azure DevOps Services](https://azure.microsoft.com/products/devops/)|
33
33
34
34
## Supported applications
35
35
36
-
| Logo | Partner name | Description | Enablement Guide |
| :::image type="content" source="media/defender-partner-applications/42crunch-logo.png" alt-text="42Crunch logo."::: |[42Crunch](https://aka.ms/APISecurityTestingPartnershipIgnite2023)| Developers can proactively test and harden APIs within their CI/CD pipelines through static and dynamic testing of APIs against the top OWASP API risks and OpenAPI specification best practices. |[42Crunch onboarding guide](onboarding-guide-42crunch.md)|
|[42Crunch](https://aka.ms/APISecurityTestingPartnershipIgnite2023)| Developers can proactively test and harden APIs within their CI/CD pipelines through static and dynamic testing of APIs against the top OWASP API risks and OpenAPI specification best practices. |[42Crunch onboarding guide](onboarding-guide-42crunch.md)|
39
+
|[StackHawk](https://aka.ms/APISecurityTestingPRStackHawk)| StackHawk is the only modern DAST and API security testing tool that runs in CI/CD, enabling developers to quickly find and fix security issues before they hit production. |[StackHawk onboarding guide](https://aka.ms/APISecurityTestingOnboardingGuideStackHawk)|
40
+
|[Bright Security](https://aka.ms/APISecurityTestingPRBrightSecurity)| Bright Security’s dev-centric DAST platform empowers both developers and AppSec professionals with enterprise grade security testing capabilities for web applications, APIs, and GenAI and LLM applications. Bright knows how to deliver the right tests, at the right time in the SDLC, in developers and AppSec tools and stacks of choice with minimal false positives and alert fatigue. |[Bright Security onboarding guide](https://aka.ms/APISecurityTestingOnboardingGuideBrightSecurity)|
0 commit comments