Integrate best practice security controls and analyses into your build and release processes for a single application
This offer is ideally suited to organisations that would like to start using DevOps to increase quality and reduce time to market, or to those already using DevOps that have a pressing need to start building a security culture and improve their security posture. The engagement focusses on introducing the capability for a single application, but the principles can then easily be extended across the organisation. The engagement starts with a workshop in which the application team presents the application, its key components and hosting arrangements, and a Microsoft Certified DevOps Engineer Expert provides an overview of the Security Development Lifecycle (SDL) and the capabilities of Azure DevOps (or GitHub) to implement aspects of the SDL.
CI/CD pipelines are built or extended to include DevSecOps practices such as Static Security Testing, Dynamic Security Testing and Software Component Vulnerability Analysis, together with appropriate gates and controls to ensure that the security of the application improves continuously and that security regressions cannot be introduced by developers. The engagement ends with a presentation of the DevSecOps processes that have been implemented and recommendations on how to improve the application moving forwards.