Git blocked by Defender for Cloud Apps - Extremely low rating of 2

Casper Thule Mathiasen 0 Reputation points
2023-01-31T11:20:23.7666667+00:00

Git Defender for Cloud Apps gives Git an incredibly low rating of 0 in compliance and 2 in legal.
Many of these points are related to things that I find irrelevant, e.g. GDPR and various ISO standards.
These are not required by Git.
Why are these relevant for Git?

It seems even more weird as MS owns github.com, in which Git is absolutely necessary.

Thus, Git is in general blocked by default for most configurations.

Can someone help me understand why this is the case?


3 answers

  1. Limitless Technology 43,966 Reputation points
    2023-02-02T12:53:41.8366667+00:00

    Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.

    It's possible that the Git Defender for Cloud Apps tool is rating Git as having a low compliance and legal score due to its open source nature and the fact that it is widely used in various industries and regions, which may have different regulations and standards. For example, the General Data Protection Regulation (GDPR) applies to all organizations that process personal data of individuals in the European Union (EU), regardless of whether the organization is based in the EU or not.

    Additionally, various ISO standards, such as ISO 27001 for information security management, may also apply to organizations using Git to store sensitive data or code. If Git does not have built-in features to ensure compliance with these regulations and standards, it may receive a lower score in compliance and legal.

    It's worth noting that the tool is designed to provide a comprehensive evaluation of cloud applications and their compliance with different regulations and standards. The rating of 0 in compliance and 2 in legal for Git may not necessarily reflect the actual security or compliance of Git itself, but rather the tool's assessment of how well Git fits into a specific organization's compliance and legal requirements.

    It's important to evaluate each cloud application on a case-by-case basis, taking into account the specific regulations and standards that apply to the organization and its data. If you have concerns about the rating given to Git by the Git Defender for Cloud Apps tool, it may be useful to consult with a security or compliance expert to get a more in-depth understanding of the issue.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.


  2. Limitless Technology 43,966 Reputation points
    2023-02-02T12:53:53.6566667+00:00

    Double post


  3. Givary-MSFT 24,971 Reputation points Microsoft Employee
    2023-02-09T04:17:16.88+00:00

    @Casper Thule Mathiasen Thank you for reaching out to us. I researched your question and noticed that Git and GitHub are different.

    For GitHub, the hosting company in the Defender for Cloud Apps portal is shown as Microsoft Azure.


    Whereas for Git, the hosting company is shown as Cloudflare.


    Refer to these articles:

    https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery about sanctioned/unsanctioned apps.

    https://learn.microsoft.com/en-us/defender-cloud-apps/app-governance-manage-app-governance

    https://learn.microsoft.com/en-us/defender-cloud-apps/app-governance-feedback

    Let me know if you have any further questions; feel free to post back.
