Channel 9

Channel 9 is a community. We bring forward the people behind our products and connect them with those who use them. We think there is a great future in software and we're excited about it. We want the community to participate in the ongoing conversation. This is the heart of Channel 9. We talk about our work but listen to the customer.

https://channel9.msdn.com/

Exploring the tools for DevSecOps in a CI/CD Pipeline on Azure | Azure Enablement


Victoria Almazova joins David Blank-Edelman to explore the tools for DevSecOps in a CI/CD Pipeline on Azure.

✅ Resources:

  • WAF Security pillar
  • Azure Well-Architected Review
  • Secure DevOps
  • DevSecOps in Azure
  • Secure DevOps Kit for Azure
  • Secure Azure pipelines

[00:00] Overview
[01:09] Let's review what we've learned about DevSecOps so far.
[01:55] Why are we focusing only on dependency management and security scanning?
[03:17] Is there a way we could see a concrete example of implementing security practices?
[05:16] Can you show me a real-life example of how this implementation works in Azure DevOps?
[07:46] Why do you deploy the ZAP Scanner WebApp after you built the application?
[08:43] What is the next stage in the [CI/CD] pipeline, once all the scanning is done?
[09:52] How will I know whether the tools find a security vulnerability, and how will I get notified?
[11:11] By "breaking the build," do we mean the pipeline itself stops when it discovers a vulnerability?
[11:35] We've covered credentials scan results. Are there other results to mention?

Related Episodes to watch next:

  • DevSecOps: bringing security into your DevOps practice on Azure 
  • Improve app security with Application Security Groups
  • Better app token security through application roles

Watch more episodes in the Well-Architected Series!


 April 12, 2021  16m