Automate your open-source dependency scanning with Advanced Security

Any experience that requires additional setup is cumbersome, especially when multiple people need to be involved. In GitHub Advanced Security for Azure DevOps, we’re working to make it easier to enable features and scale out enablement across your enterprise.

You can now automatically inject the dependency scanning task into any pipeline run targeting your default branch. This is a quick way to ensure that your production code (and any code being merged into your production branch) is evaluated for open-source dependency vulnerabilities.

Enabling one-click dependency scanning for your repository

You’ll need the Advanced Security: manage settings permission to make changes to your repository’s Advanced Security enablement. Navigate to a specific repository’s settings page: Project settings > Repositories > Select your repository.

If you’re using the standalone products, you first need Code Security enabled. Then, navigate to Options and confirm your selection of Dependency alerts default setup.

If you’re using the bundled Advanced Security, enable the checkbox Scan default branch for vulnerable dependencies.

Receiving results from dependency scanning

Upon the next execution of a pipeline run targeting your repository’s default branch, the Advanced Security dependency scanning task will be injected near the end of your pipeline. Dependency scanning completes evaluation of your dependencies and any associated vulnerabilities within a few minutes. For repositories where you may not have consistent CI/CD running, we recommend scheduled pipeline runs.

If the task is already in your pipeline, or you’ve set up your pipelines to skip the dependency scanning task via the DependencyScanning.Skip: true environment variable, the injected task will be skipped. The environment variable is a great option if there are certain pipelines you don’t want to include in your scanning surface area. Alternatively, if there are certain pipeline jobs you wish to skip automated scanning in, you can also set the pipeline variable dependencyScanningInjectionEnabled to false.

Upon successful execution of the task, results are uploaded to Advanced Security and available in the Repos > Advanced Security tab for developers to fix any findings.

You can also use this to easily set up pull request annotations for dependency scanning. If you have a build validation policy configured for your repository, dependency scanning will also be injected automatically into any pull requests that target your default branch. Annotations for new findings appear directly on your pull request after you’ve scanned your default branch at least once, while any findings that exist in both branches will show up in the Advanced Security tab as well.

Next steps

Give this feature a try! Our team is also working on more experiences to smooth out the enablement process across Advanced Security. Have any feedback? Please share it with us directly or on Developer Community.

Learn more about Advanced Security and dependency scanning.

The post Automate your open-source dependency scanning with Advanced Security appeared first on Azure DevOps Blog.
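As an added example (not from the original post), the following Azure Pipelines YAML puts the controls described above side by side: a scheduled run for a repository without steady CI, an explicit scanning task in the job that should scan, and the job-level opt-out for a job that should not. The task name and the placement of the variables are assumptions, not something the post confirms.

```yaml
# Added example: exercises the injection controls described in the post.
# Assumptions (not from the post): the documented variable names are used
# verbatim in the variables map, and AdvancedSecurity-Dependency-Scanning@1
# is the explicit task name.
trigger:
  - main            # default branch, so automatic injection applies

# Recommended for repositories without consistent CI/CD: a nightly scheduled
# run keeps the default branch scanned even when nothing is pushed.
schedules:
  - cron: "0 2 * * *"
    displayName: Nightly dependency scan
    branches:
      include:
        - main
    always: true    # run even if no commits since the last scan

# Pipeline-wide alternative (commented out): exclude this whole pipeline
# from the scanning surface area.
# variables:
#   DependencyScanning.Skip: true

jobs:
  - job: build
    displayName: Build and explicit scan
    pool:
      vmImage: ubuntu-latest
    steps:
      - script: npm ci
        displayName: Restore dependencies
      # Explicit task: because it is already present, the injected copy
      # is skipped rather than running the scan twice.
      - task: AdvancedSecurity-Dependency-Scanning@1
        displayName: Dependency scanning

  - job: docs
    displayName: Docs build (no scan needed)
    pool:
      vmImage: ubuntu-latest
    variables:
      # Job-level opt-out: the injected task is not added to this job.
      dependencyScanningInjectionEnabled: false
    steps:
      - script: echo "building docs only"
        displayName: Build docs
```

With this layout the build job reports findings to Repos > Advanced Security, while the docs job stays out of the scanning surface area.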