Episode
Exploring the tools for DevSecOps in a CI/CD Pipeline on Azure
Victoria Almazova joins David Blank-Edelman to explore the tools for DevSecOps in a CI/CD Pipeline on Azure.
✅ Resources:
- Well-Architected Framework (WAF) Security pillar
- Azure Well-Architected Review
- Secure DevOps
- DevSecOps in Azure
- Secure DevOps Kit for Azure
- Secure Azure pipelines
[00:00] Overview
[01:09] Let's review what we've learned about DevSecOps so far.
[01:55] Why are we focusing only on dependency management and security scanning?
[03:17] Is there a way we could see a concrete example of implementing security practices?
[05:16] Can you show me a real life example of how this implementation works in Azure DevOps?
[07:46] Why do you deploy the ZAP Scanner WebApp after you built the application?
[08:43] What is the next stage in the [CI/CD] pipeline, once all the scanning is done?
[09:52] How will I know whether the tools find a security vulnerability, and how I get notified?
[11:11] By "breaking the build," do we mean the pipeline itself stops when it discovers a vulnerability?
[11:35] We've covered credentials scan results. Are there other results to mention?
📺 Related Episodes to watch next:
- DevSecOps: bringing security into your DevOps practice on Azure
- Improve app security with Application Security Groups
- Better app token security through application roles
🔴 Watch more episodes in the Well-Architected Series!