From abb5754cad4f02938717af8c35c0b96ccbffb7c4 Mon Sep 17 00:00:00 2001
From: Calin Lupas
Date: Thu, 24 Apr 2025 21:14:37 -0400
Subject: [PATCH] Update MSDO workflow to specify tools for analysis
---
 .github/workflows/MSDO-Microsoft-Security-DevOps.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/MSDO-Microsoft-Security-DevOps.yml b/.github/workflows/MSDO-Microsoft-Security-DevOps.yml
index b8bedf4..a28c17b 100644
--- a/.github/workflows/MSDO-Microsoft-Security-DevOps.yml
+++ b/.github/workflows/MSDO-Microsoft-Security-DevOps.yml
@@ -33,12 +33,12 @@ jobs:
 - name: Run Microsoft Security DevOps
 uses: microsoft/security-devops-action@v1.12.0
 id: msdo
- # with:
+ with:
 # config: string. Optional. A file path to an MSDO configuration file ('*.gdnconfig').
 # policy: 'GitHub' | 'microsoft' | 'none'. Optional. The name of a well-known Microsoft policy. If no configuration file or list of tools is provided, the policy may instruct MSDO which tools to run. Default: GitHub.
 # categories: string. Optional. A comma-separated list of analyzer categories to run. Values: 'code', 'artifacts', 'IaC', 'containers'. Example: 'IaC, containers'. Defaults to all.
 # languages: string. Optional. A comma-separated list of languages to analyze. Example: 'javascript,typescript'. Defaults to all.
- # tools: string. Optional. A comma-separated list of analyzer tools to run. Values: 'bandit', 'binskim', 'checkov', 'eslint', 'templateanalyzer', 'terrascan', 'trivy'.
+ tools: 'bandit, binskim, checkov, container-mapping, templateanalyzer, terrascan, trivy'
 # Upload alerts to the Security tab - required for MSDO results to appear in the codeQL security alerts tab on GitHub (Requires GHAS)
 - name: Upload results to Security tab
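Review bot: The new `tools:` value changes scan coverage without saying so: it omits `eslint`, which the removed comment listed as a valid analyzer, and adds `container-mapping`, which that comment did not list. Per the `policy` comment in this hunk, the policy only chooses tools when no tool list is given, so this explicit list is presumably now the complete set that runs and JavaScript/TypeScript sources would lose the eslint pass. I would keep the deleted `# tools: string. Optional. …` reference line above the new key and add a rationale such as `# eslint omitted on purpose: <reason>; container-mapping added for <purpose>`, after confirming the pinned action version accepts `container-mapping`. Separately, the `uses:` context line pins the action by the mutable tag `v1.12.0` rather than a full commit SHA, which is worth tightening for a job that produces security findings; the job itself starts and ends outside the hunk.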