Microsoft Azure DevOps Engineer: Implement a Secure and Compliant Development Process
This course will teach you how to implement secure development practices and automated security testing into your Azure DevOps Pipelines. You'll learn to integrate code scanning, penetration testing, and secret management into Pipelines.
What you'll learn
It's no longer acceptable to just perform security testing at the end of long development cycles. With modern DevOps practices, frequent production releases are normal, so an approach is needed to automate security testing in the CI/CD process. In this course, Microsoft Azure DevOps Engineer: Implement a Secure and Compliant Development Process, you'll learn how to implement secure development practices in your Azure DevOps Pipelines. First, you'll learn how to integrate automated code scanning in your pipelines to detect coding errors that could cause security vulnerabilities. Next, you'll discover how to implement tasks to detect vulnerabilities in open source libraries your code uses. Then, you'll explore how to automatically conduct a penetration test when your application is deployed to a test environment. Finally, you'll learn how to properly handle application secrets like database passwords or certificates in your deployment process. When you're finished with this course, you'll have the skills and knowledge needed to integrate secure development practices into your Azure DevOps Pipelines.
Table of contents
- Introduction 1m
- Create an Azure DevOps Build Pipeline 4m
- Understanding Microsoft Roslyn Security Analyzers 5m
- Install and Configure Roslyn Security Analyzers 6m
- Security Scanning in Build Tasks 3m
- Adding Third-party Security Scanning Tools 2m
- Configuring SonarCloud in an Azure DevOps Pipeline 9m
- Enforcing Quality with Branch Policies and Pull Requests 2m
- Adding SonarCloud Comments to Pull Requests 5m
- Scanning Open-source Libraries for Vulnerabilities 5m
- Adding WhiteSource Bolt to the Build Pipeline 4m
- Module Summary 1m
About the author
Neil has worked on everything from early mobile .NET compact framework apps to modern Azure based web apps during his years in IT. As a developer and architect, he has focused on .NET and JavaScript application development, security, and hosting across a variety of Microsoft platforms, including ASP.NET, SharePoint, and Dynamics CRM. Neil has several Microsoft Certifications, including MCPD, MCSA, and MCSD.