Skip to content

DevSecOps

Image of safe generated with DALLE

How to Access Restricted Azure Key Vault from Azure DevOps

Azure Key Vault is a great product to store secrets like connection strings and passwords. It is relatively cheap, easy to use and integr… well quite easy to integrate if you run for example .NET Core application. If you use Key Vault with .NET Framework configuration manager, or you want to access secrets at DevOps pipeline, then things are getting bit more trickier. Let me explain why.

Security is Everything

Photo by: cottonbro studio

Secure GitHub repositories with GitHub Advanced Security

Want to find potential security vulnerabilities from your code base? Or want to see an impact of code changes to dependencies before you merge a pull request? If you answered yes then keep reading.

GitHub offers security features, like code scanning for private repositories under GitHub Advanced Security license. This option is only available for GitHub Enterprise users. You can test these features in public repositories (because they are free

DevSecOps with Microsoft Defender for DevOps 

Microsoft Defender for DevOps is latest Microsoft DevSecOps product, that extends the Defender for Clouds threat detection capabilities to Azure DevOps resources. It assesses your Azure DevOps resources according to Azure DevOps specific security recommendations and the results are then added into your Defender security score.

How to Enable DevOps Security

The feature can be enabled from Azure Portal / Microsoft Defender For Cloud. If you haven’t enable the Defender …

DevSecOps with Azure DevOps Auditing

Picture of two security cameras.
Kuvaaja Scott Webb palvelusta Pexels

Shift-Left in security has been a trend for awhile and the reason for that is, that automated CI/CD pipelines are tempting breach points for hackers. Unprotected CI/CD pipeline is easy and tempting route into production environment and can cause some serious issues. One way to improve security is to monitor our pipelines for an unwanted changes. Azure DevOps has some great tools for implementing the …

Azure DevSecOps 2/3 – Security DevOps Kit for Azure

Image result for azsk

Secure DevOps Kit (AzSK) is free set of tools, which can be used to check security configurations for Azure resources. Cool thing about this toolset is, that it can be easily integrated into the Azure DevOps.

AzSK can be installed as free extension from Azure DevOps Marketplace. Extension contains two tasks:

  1. ARM Template Checker – as task that can check security settings in ARM templates
  2. Security Verification Tests (SVTs)

Azure DevSecOps 1/3 – WhiteSource Bolt

DevSecOps

I’m going to scratch a big surface here, but let’s see how Azure DevOps can help us to bring more security into our code base. This is first part of three post series about how to add Sec into Azure DevOps.

We are more and more depended of other peoples code. Packaging systems like Nuget and NPM gives us power to fetch huge amount of code in blink of an …