DevSecOps
Using Azure Pipelines for Continuous CI CD and Security 

Mohammed Abdul Mujeeb
Agenda
• What is DevOps 

• DevOps using Azure Pipelines

• What is DevSecOps 

• Why do we need DevSecOps 

• Demo - DevSecOps using Azure Pipelines
Build Cycle
DevOps
• A compound of development (Dev) and operations (Ops),
DevOps is the union of people, process, and technology
to continually provide value to customers - Microsoft
Definition 

• Anything that speeds application delivery - Simplified

• Automation plays an important role in speeding
application delivery
Azure DevOps
• Set of tools to achieve DevOps 

• 5 Modules - Boards, Repos, Pipelines, Test Plan, Artifacts 

• Azure Pipelines - CI and CD tool
Terminologies
• Continuous Integration (CI) - Automated building of code 

• Continuous Delivery (CD) - Deployment ready, but not all
changes will be deployed to production 

• Continuous Deployment (CD) - Automated deployment to
production
Demo Architecture
Demo - Basic DevOps
Process
1. Developer makes changes in IDE (VSCode)

2. Developer pushes the code to Git

3. The push triggers automated build (CI) using Azure Pipelines

4. The CI pulls latest source code, builds docker image and
pushes docker image to Azure Container Registry (ACR)

5. Successful deployment to ACR triggers CD via Releases 

6. The Release Pipeline deploys code to the App Service
Basic DevSecOps Process
• Design - Threat Modeling and Risk Assessment 

• Development - SAST Scan on IDE, Code Reviews 

• Continuous Integration (CI) - Security Unit Tests, Static Application
Security testing, Open Source Analysis, Container Scanning

• Continuous Delivery (CD) - Compliance Check, Dynamic Application
Security Scanning, Infrastructure Security, Penetration testing 

• Continuous Deployment (CD) - Compliance Check, Runtime Defense

• Security in Production - Monitoring, SSL Configuration,
Challenges
• Security as an afterthought

• Quick software release cycles 

• Moving workloads to cloud 

• Organizational Culture
DevSecOps
• Shift Security Left

• Integrates security with DevOps without slowing down
SDLC

• Automates Security within the DevOps Workflow

• Secure Continuous Development

• Is not just about using a bunch of security tools. It’s about
people, process and tools
DevSecOps for Business
• An organization developing software in-house

• An organization outsourcing software development 

• An organization procuring software from a vendor
Tools of the trade
• Threat Modeling - Microsoft Threat Modeling ..

• SAST Scan - Checkmarx, SonarCloud, Open Source .. 

• OSA - Whitesource, BlackDuck, OWASP Dependency Check .. 

• Container Scan - Aqua, Twistlock, Anchore, Clair .. 

• DAST Scan - OWASP ZAP, TinFoil .. 

• Many other tools based on the requirement

• Prefer open source tools to start
Demo
Secure CI and CD using Azure Pipelines 

Steps - 

1. SAST scan using SonarCloud 

2. Open Source Scan using WhiteSource Bolt

3. Container Scan using Anchore 

4. DAST Scan using OWASP ZAP 

5. Compliance Scan on the cloud infrastructure
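
A CI definition for the flow in the Basic DevOps Process and Secure CI and CD slides, as an added example that is not the presenter's own pipeline: a push triggers the build, SonarCloud runs the SAST scan, and the image is built and pushed to ACR. The service connection names, organization, project key, repository and branch are placeholders; the DAST and compliance steps run in the release stage and are not shown.

```yaml
# azure-pipelines.yml (added example; all names below are placeholders)
trigger:
  branches:
    include:
      - main                            # a push to this branch starts CI

pool:
  vmImage: ubuntu-latest

variables:
  imageRepository: demo-app             # placeholder ACR repository name
  acrConnection: acr-connection         # placeholder Docker registry service connection

steps:
  # Demo step 1: SAST scan using SonarCloud
  - task: SonarCloudPrepare@1
    inputs:
      SonarCloud: sonarcloud-connection # placeholder SonarCloud service connection
      organization: example-org
      scannerMode: CLI
      configMode: manual
      cliProjectKey: example-org_demo-app
      cliSources: .
  - task: SonarCloudAnalyze@1
  - task: SonarCloudPublish@1
    inputs:
      pollingTimeoutSec: '300'

  # Build first and push later, so image checks can run in between
  - task: Docker@2
    displayName: Build Docker image
    inputs:
      command: build
      containerRegistry: $(acrConnection)
      repository: $(imageRepository)
      dockerfile: Dockerfile
      tags: $(Build.BuildId)

  # Demo steps 2 and 3 (WhiteSource Bolt, Anchore) belong here; they are left
  # out because the slides do not give their task settings.

  # A successful push to ACR is what triggers the release (CD)
  - task: Docker@2
    displayName: Push image to ACR
    inputs:
      command: push
      containerRegistry: $(acrConnection)
      repository: $(imageRepository)
      tags: $(Build.BuildId)
```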
