microsoft · Roopan-Microsoft · Oct 14, 2025 · Sep 25, 2025 · Sep 29, 2025 · Sep 29, 2025
@@ -2,7 +2,7 @@ name: Validate Deployment v3
 
 on:
   workflow_run:
-    workflows: ["Build Docker and Optional Push"]
+    workflows: ["Build Docker and Optional Push v3"]
     types:
       - completed
     branches:

@@ -120,9 +120,7 @@ def get_azure_credential(self, client_id=None):
             Credential object: Either DefaultAzureCredential or ManagedIdentityCredential.
         """
         if self.APP_ENV == "dev":
-            return (
-                DefaultAzureCredential()
-            )  # CodeQL [SM05139] Okay use of DefaultAzureCredential as it is only used in development
+            return DefaultAzureCredential()  # CodeQL [SM05139]: DefaultAzureCredential is safe here
         else:
             return ManagedIdentityCredential(client_id=client_id)
 

@@ -5,7 +5,6 @@
 import uuid
 from typing import List, Optional
 
-from azure.identity import DefaultAzureCredential as SyncDefaultAzureCredential
 from common.config.app_config import config
 from common.models.messages_kernel import TeamConfiguration
 from semantic_kernel.agents.orchestration.magentic import MagenticOrchestration
@@ -46,7 +45,7 @@ async def init_orchestration(
             max_tokens=4000, temperature=0.1
         )
 
-        credential = SyncDefaultAzureCredential()
+        credential = config.get_azure_credential(client_id=config.AZURE_CLIENT_ID)
 
         def get_token():
             token = credential.get_token("https://cognitiveservices.azure.com/.default")