Exploring the tools for DevSecOps in a CI/CD Pipeline on Azure


Victoria Almazova joins David Blank-Edelman to explore the tools for DevSecOps in a CI/CD Pipeline on Azure.
Resources
• WAF Security pillar aka.ms/azenable/30/01
• Azure Well-Architected Review aka.ms/azenable/30/02
• Secure DevOps aka.ms/azenable/30/03
• DevSecOps in Azure aka.ms/azenable/30/04
• Secure DevOps Kit for Azure aka.ms/azenable/30/05
• Secure Azure pipelines aka.ms/azenable/30/06
Related Episodes
• DevSecOps: bringing security into your DevOps practice on Azure
• Improve app security with Application Security Groups
• Better app token security through application roles
To watch more episodes in the Well-Architected Series, check out our playlist: aka.ms/azenable/yt/wa-playlist
Explore more cloud enablement resources!
www.azure.com/enablement
0:00 Overview
1:09 Let's review what we've learned about DevSecOps so far.
1:55 Why are we focusing only on dependency management and security scanning?
3:17 Is there a way we could see a concrete example of implementing security practices?
5:16 Can you show me a real life example of how this implementation works in Azure DevOps?
7:46 Why do you deploy the ZAP Scanner WebApp after you built the application?
8:43 What is the next stage in the [CI/CD] pipeline, once all the scanning is done?
9:52 How will I know whether the tools find a security vulnerability, and how I get notified?
11:11 By "breaking the build," do we mean the pipeline itself stops when it discovers a vulnerability?
11:35 We've covered credentials scan results. Are there other results to mention?
#Azure #AzureEnablementShow #WellArchitected

Comments: 9

  • @roborr8495
    2 years ago

    Fantastic! I really like the approach and of course the changing to host mode!!!

  • @sebastiencuber7088
    3 years ago

    Great! Thanks

  • @vijayanandmuniyasamy5157
    3 years ago

    Hi, thanks for the session, Victoria Almazova. The session was informative and useful. One question about the SAST and DAST scan: when we implement this in the pipeline, for a small-scale application the time taken to complete the scan may be less, but in the case of larger applications do you prefer running it for every push to the remote? What would be your suggestion on this? I have created a DevSecOps pipeline with Veracode and ZAP as a standalone job separate from the usual build pipeline, because I am running it overnight or only when needed so I am not slowing the generic pipeline pace.

  • @vijayanandjeeva2163
    3 years ago

    Hi sir, do you have any step-by-step document to practice SAST and DAST? Please share with me to upskill.

  • @fabiofreitas7760
    2 years ago

    If performance is a hindering factor, my personal experience is to have it trigger on pushes to the main development branch but have it as a downstream job instead of on the main CI/CD pipeline.

  • @ermukesh09
    2 years ago

    Is there any template that we can deploy or any labs?

  • @yusufmilz9216
    2 years ago

    Hey, what license is required to access all these features?

  • @sconnell194
    3 years ago

    👍

  • @adityanarayannayak6295
    2 years ago

    Actually Victoria looks like a true Security Analyst.
