Describe DevOps security management


DevOps combines development (Dev) and operations (Ops) to unite people, process, and technology in application planning, development, delivery, and operations. Modern enterprises rely on DevOps platforms for deployment, including the pipelines and production environments that developers require to be productive. Traditional application security methods didn’t consider the increased attack surface that these pipelines and production environments represent for hackers. But now, with hackers shifting left and targeting these upstream tools, a new approach is needed to secure DevOps platform environments.

Defender for DevOps, a service available in Defender for Cloud, empowers security teams to manage DevOps security across multi-pipeline environments.

Defender for DevOps uses a central console to empower security teams with the ability to protect applications and resources from code to cloud across multi-pipeline environments, such as GitHub and Azure DevOps. Findings from Defender for DevOps can then be correlated with other contextual cloud security insights to prioritize remediation in code. Key capabilities in Defender for DevOps include:

  • Unified visibility into DevOps security posture: Security administrators now have full visibility into DevOps inventory and the security posture of preproduction application code. They can configure their DevOps resources across multi-pipeline and multicloud environments in a single view.
  • Strengthen cloud resource configurations throughout the development lifecycle: You can enable security of Infrastructure as Code (IaC) templates, used to define and deploy the infrastructure rapidly and reliably, to minimize cloud misconfigurations reaching production environments. This allows security administrators to focus on any critical evolving threats.
  • Prioritize remediation of critical issues in code: Apply comprehensive code to cloud contextual insights within Defender for Cloud. Security admins can help developers prioritize critical code fixes with Pull Request annotations and assign developer ownership by triggering custom workflows feeding directly into the tools developers use.

Defender for DevOps allows you to manage your connected DevOps environments and provides your security teams with a high level overview of discovered issues that may exist within them, through the Defender for DevOps console.

A screenshot of the Defender for DevOps console, showing the number of vulnerabilities found by Defender for DevOps.

Defender for DevOps helps unify, strengthen and manage multi-pipeline DevOps security.