Microsoft's Security Response Center has released a blog post explaining its response to the "NotLegit" bug in Azure that was discovered by cloud security company Wiz.

Wiz said all PHP, Node, Ruby, and Python applications that were deployed using "Local Git" on a clean default application in Azure App Service since September 2017 are affected. They added that all PHP, Node, Ruby, and Python applications that were deployed in Azure App Service from September 2017 onward using any Git source -- after a file was created or modified in the application container -- were also affected.
Microsoft clarified in their response that the issue affects App Service Linux customers who deployed applications using Local Git after files were created or modified in the content root directory. They explained that this happens "because the system attempts to preserve the currently deployed files as part of repository contents, and activates what is referred to as in-place deployments by deployment engine (Kudu)." 

https://www.google.com/search?q=microsoft&rlz=1C1GCEU_enIR950IR950&sxsrf=AOaemvJAd0S5UWoFtGHm4ScGejt2tqik7w:1640679150585&source=lnms&tbm=isch&sa=X&ved=2ahUKEwiUw9ePhob1AhWy_7sIHRBkC0AQ_AUoAXoECAIQAw&biw=1121&bih=892&dpr=1