Azure Key Vault is a great product to store secrets like connection strings and passwords. It is relatively cheap, easy to use and integr… well quite easy to integrate if you run for example .NET Core application. If you use Key Vault with .NET Framework configuration manager, or you want to access secrets at DevOps pipeline, then things are getting bit more trickier. Let me explain why.
Want to find potential security vulnerabilities from your code base? Or want to see an impact of code changes to dependencies before you merge a pull request? If you answered yes then keep reading.
GitHub offers security features, like code scanning for private repositories under GitHub Advanced Security license. This option is only available for GitHub Enterprise users. You can test these features in public repositories (because they are free …
Microsoft Defender for DevOps is latest Microsoft DevSecOps product, that extends the Defender for Clouds threat detection capabilities to Azure DevOps resources. It assesses your Azure DevOps resources according to Azure DevOps specific security recommendations and the results are then added into your Defender security score.
The feature can be enabled from Azure Portal / Microsoft Defender For Cloud. If you haven’t enable the Defender …
Shift-Left in security has been a trend for awhile and the reason for that is, that automated CI/CD pipelines are tempting breach points for hackers. Unprotected CI/CD pipeline is easy and tempting route into production environment and can cause some serious issues. One way to improve security is to monitor our pipelines for an unwanted changes. Azure DevOps has some great tools for implementing the …
Secure DevOps Kit (AzSK) is free set of tools, which can be used to check security configurations for Azure resources. Cool thing about this toolset is, that it can be easily integrated into the Azure DevOps.
AzSK can be installed as free extension from Azure DevOps Marketplace. Extension contains two tasks:
I’m going to scratch a big surface here, but let’s see how Azure DevOps can help us to bring more security into our code base. This is first part of three post series about how to add Sec into Azure DevOps.
We are more and more depended of other peoples code. Packaging systems like Nuget and NPM gives us power to fetch huge amount of code in blink of an …