Forum Discussion
ershadnozari
Oct 14, 2022Copper Contributor
SAST & DAST with Azure DevOps
Hello, My organisation is looking to implement a SAST & DAST to enhance code quality & security. We are using Azure DevOps for CI/CD. What is the best to go on about finding out what's offered and p...
Unaihuete
Oct 17, 2022Learn Expert
Hello,
There are so many options available for it on the ADO marketplace, tools like Mend (for dependency scanning), SonarQube/SonarCloud (SAST), OWASP ZAP (DAST), ... You can use the ones working better for you (in terms of pricing and support).
During Ignite the following was announced:
- Defender for DevOps: reviews the security related setup of your ADO organizations and GH organizations.
- GitHub Advanced Security (GHAS) for ADO, which offers Secret scanning, Dependabot (for dependency scanning) and CodeQL for SAST: https://devblogs.microsoft.com/devops/integrate-security-into-your-developer-workflow-with-github-advanced-security-for-azure-devops/
For an example using OWASP ZAP in ADO: https://devblogs.microsoft.com/premier-developer/azure-devops-pipelines-leveraging-owasp-zap-in-the-release-pipeline/
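Added example (not code from the post above or from the linked Microsoft blog): once the ZAP baseline scan has produced a JSON report in the pipeline, something still has to turn that report into a pass/fail decision. The script below parses ZAP's JSON report format (`site[].alerts[].riskcode`, where 0..3 means informational..high), lists the alerts at or above a chosen risk level, surfaces them as Azure Pipelines issues with the `##vso[task.logissue]` logging command, and exits non-zero so the job fails. The target URL, the artifact directory and the plugin IDs in the embedded sample report are assumptions for illustration; the sample report itself is constructed, and is used only when the script is run without a path.

```python
#!/usr/bin/env python3
"""Gate an Azure Pipelines job on an OWASP ZAP baseline JSON report.

Assumed preceding pipeline step that writes report.json (not from the post):

    docker run --rm -v "$(Build.ArtifactStagingDirectory)/zap:/zap/wrk:rw" \
      ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \
      -t "$(targetUrl)" -J report.json -I

-I tells zap-baseline.py not to fail on WARN-level findings, so the policy
applied here (fail_at level plus an allowlist) is the only gate.
"""
import json
import sys
from collections import Counter

# ZAP 'riskcode' values as they appear in the JSON report.
RISK_NAMES = {"0": "informational", "1": "low", "2": "medium", "3": "high"}
RISK_ORDER = ["informational", "low", "medium", "high"]

# Constructed sample in ZAP's report shape (abridged) so the example runs offline.
SAMPLE_REPORT = {
    "@version": "2.14.0",
    "site": [{
        "@name": "https://staging.example.com",  # assumed staging target
        "alerts": [
            {"pluginid": "10038", "name": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "confidence": "3",
             "instances": [{"uri": "https://staging.example.com/"}]},
            {"pluginid": "10021", "name": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "confidence": "2",
             "instances": [{"uri": "https://staging.example.com/"},
                           {"uri": "https://staging.example.com/login"}]},
            {"pluginid": "90022", "name": "Application Error Disclosure",
             "riskcode": "3", "confidence": "2",
             "instances": [{"uri": "https://staging.example.com/api/orders?id=1"}]},
        ],
    }],
}


def _risk_of(alert):
    # Unknown or missing riskcode is treated as informational, never as a pass-through.
    return RISK_NAMES.get(str(alert.get("riskcode")), "informational")


def count_by_risk(report):
    """Return {risk_name: number of distinct alert types} across all scanned sites."""
    counts = Counter()
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            counts[_risk_of(alert)] += 1
    return dict(counts)


def failing_alerts(report, fail_at="high", allowlist=()):
    """Alerts at or above `fail_at` whose pluginid is not in the allowlist.

    Returns a list of (pluginid, name, risk, instance_count) tuples.
    """
    threshold = RISK_ORDER.index(fail_at)
    found = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            risk = _risk_of(alert)
            if RISK_ORDER.index(risk) >= threshold and alert.get("pluginid") not in allowlist:
                found.append((alert.get("pluginid"), alert.get("name"), risk,
                              len(alert.get("instances", []))))
    return found


def gate(report, fail_at="high", allowlist=()):
    """True if the build may proceed under this policy."""
    return not failing_alerts(report, fail_at, allowlist)


def main(argv):
    path = argv[1] if len(argv) > 1 else None           # path to ZAP report.json
    fail_at = argv[2] if len(argv) > 2 else "high"      # lowest risk level that fails
    if path:
        with open(path, encoding="utf-8") as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    print("ZAP alerts by risk:", count_by_risk(report))
    bad = failing_alerts(report, fail_at)
    for pluginid, name, risk, n in bad:
        # Azure Pipelines logging command: shows the finding in the job summary.
        print(f"##vso[task.logissue type=error]ZAP {risk} alert {pluginid} ({name}) on {n} URL(s)")
    if bad:
        print(f"FAIL: {len(bad)} alert(s) at or above '{fail_at}' risk")
        return 1
    print("PASS")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from a `script:` step after the scan, e.g. `python3 zap_gate.py "$(Build.ArtifactStagingDirectory)/zap/report.json" medium`; the non-zero exit fails the stage, and the allowlist parameter is where accepted findings (by ZAP plugin ID) go rather than silently lowering the threshold.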