cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SAST & DAST with Azure DevOps

ershadnozari
Copper Contributor

‎Oct 13 2022 07:01 PM - last edited on ‎Mar 05 2024 02:06 PM by

‎Oct 13 2022 07:01 PM - last edited on ‎Mar 05 2024 02:06 PM by

SAST & DAST with Azure DevOps

Hello,

My organisation is looking to implement a SAST & DAST to enhance code quality & security. We are using Azure DevOps for CI/CD. What is the best to go on about finding out what's offered and potential solutions in Azure DevOps. It this something that's offered by Defender for DevOps that's announced at Ignite https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-devops-introduction.

 

Appreciate any helps or pointers.

Labels:
19K Views
0 Likes
1 Reply
Reply
1 Reply
Unaihuete

‎Oct 17 2022 06:43 AM

‎Oct 17 2022 06:43 AM

Re: SAST & DAST with Azure DevOps

Hello,

There are so many options available for it on the ADO marketplace, tools like Mend (for dependency scanning), Sonarqube/Sonarcloud (SAST), Owasp Zap (DAST),... You can use the ones working better for you (in terms of pricing and support).

During Ignite the following was announced:
- Defender for DevOps : reviews the security related setup of your ADO organizations and GH organizations.
- GitHub Advanced Security (GHAS) for ADO, which offers Secret scanning, Dependabot (for dependency scanning and CodeQL for SAST https://devblogs.microsoft.com/devops/integrate-security-into-your-developer-workflow-with-github-ad...

For an example using OWASP ZAP in ADO: https://devblogs.microsoft.com/premier-developer/azure-devops-pipelines-leveraging-owasp-zap-in-the-...
1 Like
Reply