DevSecOps Implementation

Sii Sp. z o.o.

Extending the functionality of Azure DevOps and the Microsoft Defender for Cloud DevOps Security module to secure your CI/CD pipeline

Distributed code development and the use of many third-party libraries by developers increase the risk of an attack through your application, because there is no control over the security of the entire code base. Likewise, when infrastructure is created as code, e.g. with Bicep or Terraform, mistakes can be made that lower the security level of your cloud solutions. One option is to combine the GitHub Connector of the Microsoft Defender for Cloud DevOps Security module with Microsoft's GitHub Advanced Security product, which lets you use all the security capabilities of the solution.

The DevOps Security module of Microsoft Defender for Cloud provides:

  • End-to-end security, including visibility into code and code management systems, and security capabilities that help prevent, detect and respond to current threats,
  • DevOps security Recommendations and Inventory, configurable PR annotations, and remediation built with Logic Apps,
  • Addressing risk earlier across every stage of your cloud application lifecycle: development, build and operations.

GitHub Advanced Security will increase the security of your applications by:

  • Code Scanning mechanisms that track and report threats on an ongoing basis.
  • Constant verification of dependencies in the code and links to external libraries, with reporting of any vulnerabilities they contain.

Using public code repositories also increases the risk of unknowingly publishing confidential data such as passwords or secrets. Tools built into GitHub Advanced Security analyse your code for known string patterns that identify database connection strings, passwords or tokens, and then trigger an automatic event to secure your environment.

What we propose:

  • Dependency review – secure your pipeline using the DevOps Security module and GitHub Advanced Security to support you with verification of the dependencies in your static code and assessment of their security impact.
  • Code scanning – create a configuration for your code in public and private GitHub repositories for analysing and finding security vulnerabilities and coding errors, with automated reporting and alerting.
  • Secret scanning – selectively choose the engine that searches for strings matching patterns for any secret data, such as database connection strings, passwords and tokens.