
Vulnerability scanning of AOT packages for FinOps


Hi,

I'm looking for some guidance please on vulnerability scanning of AOT packages for our new Finance & Operations (SaaS) implementation (NB: I'm relatively new to F&O build processes).

As part of our project, we will be developing customisation code that will be built on a Tier 1 environment and then deployed to other environments using LCS. 

My understanding is that the build agent will be creating an AOT package (zip file containing a variety of scripts & binaries). Our organisation has a requirement that all build artifacts are scanned for vulnerabilities before they are deployed. 

So my question is: Are there any scanning tools (X-Ray, CheckMarx, etc.) that are able to scan these packages?

NB: We will be using the best-practices code checker prior to build, but I don't know whether that will be sufficient for our cyber team. 

Thanks!

Tim

  • André Arnaud de Calavon
    299,913 Super User 2025 Season 2
    RE: Vulnerability scanning of AOT packages for FinOps

    Hi Tim,

    I can understand the concerns. I haven't heard of a vulnerability process before. There are some topics to be aware of.

    1) If you have a build pipeline, you can directly add the package to LCS, without user interaction.

    2) A deployable package deployment will follow a runbook process which only takes the files that are part of an F&O build. If the deployable package (zip file) is not according to the expectations, it will not be accepted for installation.

  • Sukrut Parab
    71,699 Moderator
    RE: Vulnerability scanning of AOT packages for FinOps

    Agree with Andre, never heard of the scanning for vulnerabilities in packages. What's the objective and what's the expected outcome after checking those?

  • tim_aemo
    5
    RE: Vulnerability scanning of AOT packages for FinOps

    Apologies for the late reply... We have a policy that all code is vulnerability scanned to make sure no security issues are exposed by custom code.

    We use CheckMarx and X-Ray to scan other binaries that are built by our CI/CD pipelines.

  • André Arnaud de Calavon
    299,913 Super User 2025 Season 2
    RE: Vulnerability scanning of AOT packages for FinOps

    Hi Tim,

    I'm not aware of the tools you mentioned. Maybe you can test it and I would be more than happy to learn about the results.
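
Added example, not part of the thread and not Microsoft's or any scanner vendor's tooling: one way to prepare a package like the one described in the question (a zip of scripts and binaries) for whichever scanner is used is to inventory every member, nested zips included, with a SHA-256 per file, so binaries and scripts can be routed to the scanner and the hashes recorded before the upload to LCS. The extension groups, the limits and the sample layout are assumptions made for the example, not the real F&O package structure.

```python
import hashlib
import io
import posixpath
import zipfile

# Assumed extension groups and limits; tune them to what your packages contain.
BINARY_EXT = {".dll", ".exe"}
SCRIPT_EXT = {".ps1", ".psm1", ".cmd", ".bat", ".sql"}
MAX_DEPTH = 3                      # how far to descend into nested zips
MAX_ENTRY_BYTES = 512 * 1024 ** 2  # skip members declaring more than 512 MiB

def classify(name):
    ext = posixpath.splitext(name)[1].lower()
    if ext == ".zip":
        return "archive"
    return "binary" if ext in BINARY_EXT else "script" if ext in SCRIPT_EXT else "other"

def inventory(data, prefix="", depth=0):
    """Return sorted (path, kind, sha256) rows for a zip given as bytes, nested zips included."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.file_size > MAX_ENTRY_BYTES:
                rows.append((path, "skipped-too-large", ""))
                continue
            blob = zf.read(info)  # read in memory; nothing is extracted to disk
            kind = classify(info.filename)
            rows.append((path, kind, hashlib.sha256(blob).hexdigest()))
            if kind == "archive" and depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(blob)):
                rows += inventory(blob, path + "!/", depth + 1)
    return sorted(rows)

def build_sample():
    """Constructed sample bytes; the layout is invented, not a real F&O package."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("bin/Custom.Module.dll", b"MZ-constructed")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Scripts/Install.ps1", b"Write-Host 'constructed'")
        z.writestr("Packages/custom.zip", inner.getvalue())
        z.writestr("manifest.xml", b"<constructed/>")
    return outer.getvalue()

if __name__ == "__main__":
    for path, kind, digest in inventory(build_sample()):
        print(f"{kind:8} {digest[:16]}  {path}")
```

In a pipeline, pass the bytes of the real build artifact to `inventory()` in place of `build_sample()` and fail the stage if any row is `skipped-too-large` or an expected binary is missing.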
