software

Code-to-cloud risk visibility with Microsoft Defender for Cloud is now generally available

Published: (May 5, 2026 at 10:24 AM EDT)
2 min read
Source: GitHub Changelog

Source: GitHub Changelog

This integration is now generally available. Since entering public preview, we’ve heard valuable feedback from customers, and we’ve shipped follow‑up improvements that bring artifact and runtime context closer to the GitHub Advanced Security alert experience.

The integration connects code, build artifacts, and runtime context so you can track, prioritize, and remediate the security risks most relevant to your environment.

Defender for Cloud correlates what’s running in your cloud environments back to the source code that produced it. Defender maps container images deployed in your environments to the GitHub repositories that built them, using signals like GitHub artifact attestations alongside its own runtime intelligence.

Once Defender for Cloud links an artifact to its source, you can evaluate security findings in the context of where and how the code runs.

Runtime risk context from Microsoft Defender for Cloud

Defender for Cloud also brings workload details into GitHub through the Deployment Record API, populating the linked artifacts view with runtime context for each deployed artifact—such as whether it’s internet‑exposed or processes sensitive data. With this context on GitHub, your security and development teams share a single source of truth for how build artifacts run and the risks they pose.

Runtime‑aware filtering and campaign targeting

GitHub Advanced Security supports runtime context filters across GitHub code scanning, Dependabot, and security campaigns. You’ll find these filter options in organization‑level alert lists and campaign creation flows:

  • Filter by deployment status using has:deployment.
  • Focus on runtime risks with runtime-risk: (e.g., runtime-risk:internet-exposed or runtime-risk:sensitive-data).

Getting started

  • To enable the integration, follow the setup steps in the Microsoft Defender for Cloud documentation for GitHub Advanced Security. Once connected, Defender handles container deployments and runtime risk context automatically.
  • Use the new filter options in security views to focus triage and campaigns on what’s deployed and exposed.
  • Assign critical security issues or campaigns to the GitHub Copilot coding agent directly from the issue or campaign view.

Join the discussion in the GitHub Community.

0 views
#software #github #updates
View source
Share:
Back to Blog

Related posts

Read more »

Upcoming deprecation of GPT-4.1

Deprecation Details We will deprecate the following model across all GitHub Copilot experiences including Copilot Chat, inline edits, ask and agent modes, and...

Claude Sonnet 4 deprecated

Deprecation Notice We have deprecated the following model across all GitHub Copilot experiences including Copilot Chat, inline edits, ask and agent modes, and...