This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 59%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECT%3C/text%3E%3C/svg%3E)
Git Defender for Cloud Apps gives Git an incredible low rating of 0 in compliance and 2 in legal.
Many points of these are related to things that I find irrelevant e.g. GDPR and Various ISO standards.
These are not required by Git.
Why are these relevant for Git?
It seems even more weird as MS owns github.com, in which Git is absolutely necessary.
Thus, Git is in general blocked by default for most configurations.
Can someone help me understand why this is the case?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Casper Thule Mathiasen Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.
It's possible that the Git Defender for Cloud Apps tool is rating Git as having a low compliance and legal score due to its open source nature and the fact that it is widely used in various industries and regions, which may have different regulations and standards. For example, the General Data Protection Regulation (GDPR) applies to all organizations that process personal data of individuals in the European Union (EU), regardless of whether the organization is based in the EU or not.
Additionally, various ISO standards, such as ISO 27001 for information security management, may also apply to organizations using Git to store sensitive data or code. If Git does not have built-in features to ensure compliance with these regulations and standards, it may receive a lower score in compliance and legal.
It's worth noting that the tool is designed to provide a comprehensive evaluation of cloud applications and their compliance with different regulations and standards. The rating of 0 in compliance and 2 in legal for Git may not necessarily reflect the actual security or compliance of Git itself, but rather the tool's assessment of how well Git fits into a specific organization's compliance and legal requirements.
It's important to evaluate each cloud application on a case-by-case basis, taking into account the specific regulations and standards that apply to the organization and its data. If you have concerns about the rating given to Git by the Git Defender for Cloud Apps tool, it may be useful to consult with a security or compliance expert to get a more in-depth understanding of the issue.
If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.
Double post
@Casper Thule Mathiasen Thank you for reaching out to us, researched on your ask. Noticed Git and Github both are different.
For Github hosting company in the defender cloud apps portal is showing as Microsoft Azure.
Whereas for Git, Hosting company is showing as Cloudfare
Refer to this articles
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery about sanctioned/unsanctioned apps.
https://learn.microsoft.com/en-us/defender-cloud-apps/app-governance-manage-app-governance
https://learn.microsoft.com/en-us/defender-cloud-apps/app-governance-feedback
Let me know if you have any further questions, feel free to post back.