DevOps Security shows the security posture of pre-production application code and resource configurations. Security teams can use the service to enable security checks on their templates and container images; the checks are designed to minimize the chance that cloud misconfigurations reach production environments. Leveraging insights within Microsoft Defender for Cloud, security admins can help developers prioritize critical code fixes with actionable remediation and assign developer ownership by triggering custom workflows.
DevOps Security uses a central console to let security teams protect applications and resources from code to cloud across multi-pipeline environments, such as GitHub and Azure DevOps, with more to come.
To help security admins and developers, Azure DevOps currently provides two ways to configure this. This article walks through configuring Azure DevOps pipelines via the classic UI and via YAML.
Option 1: Configure using Azure DevOps Pipeline Classic Editor:
1. Select a Project
2. Click Pipelines > Click Create Pipeline
3. Click Use the classic editor to create a pipeline without YAML
4. Select a source, Team project, Repository, and Default branch from the dropdown menus
   Click Continue
5. Click Empty job
6. On Agent job 1, click the + to add a step
7. In the search box type Use .NET Core
   Click Add 3 times
8. Type Microsoft Security in the search box
   Click Add on Microsoft Security DevOps to add it to Agent job 1
9. Click on each of the Use .NET Core sdk tasks and set the versions to 3.1.x, 5.0.x, 6.0.x
10. Click Save & queue to open the dropdown menu
    Click Save & queue
11. Type a Save comment (example: Microsoft Security DevOps added) > Click Save and run
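A check a security admin could run over a saved classic pipeline to confirm the job still matches steps 7 to 9. This is an added example, not code from the original article or from Microsoft. It assumes the pipeline definition is available as JSON with steps under `process.phases[].steps[]`, each carrying `displayName`, `enabled` and `inputs.version`, and it identifies tasks by display name; the helper names and sample definitions are constructed for illustration.

```python
import json

REQUIRED_SDKS = {"3.1.x", "5.0.x", "6.0.x"}  # versions set in step 9
SCAN_NAME = "microsoft security devops"      # assumed to appear in displayName
SDK_NAME = "use .net core"                   # assumed to appear in displayName

def step(name, enabled=True, **inputs):
    """Build one constructed step entry in the assumed export layout."""
    return {"displayName": name, "enabled": enabled, "inputs": inputs}

def definition(*steps):
    """Wrap steps in the assumed layout: process.phases[].steps[]."""
    return json.dumps({"process": {"phases": [{"name": "Agent job 1", "steps": list(steps)}]}})

def audit(definition_json):
    """Return findings per agent job; an empty list means the job matches steps 7-9."""
    phases = json.loads(definition_json).get("process", {}).get("phases", [])
    if not phases:
        return ["no agent jobs found under process.phases"]
    findings = []
    for phase in phases:
        job = phase.get("name", "<unnamed job>")
        # Disabled steps never run, so they do not count as coverage.
        active = [s for s in phase.get("steps", []) if s.get("enabled", True)]
        names = [s.get("displayName", "").lower() for s in active]
        scan_at = next((i for i, n in enumerate(names) if SCAN_NAME in n), None)
        if scan_at is None:
            findings.append(f"{job}: no enabled Microsoft Security DevOps step")
            continue
        # Only SDK steps placed before the scan count (the order used in steps 7-8).
        installed = {s.get("inputs", {}).get("version")
                     for s, n in zip(active[:scan_at], names) if SDK_NAME in n}
        for version in sorted(REQUIRED_SDKS - installed):
            findings.append(f"{job}: no enabled Use .NET Core sdk {version} step before the scan")
    return findings

# Constructed samples, not real exports.
GOOD = definition(step("Use .NET Core sdk 3.1.x", version="3.1.x"),
                  step("Use .NET Core sdk 5.0.x", version="5.0.x"),
                  step("Use .NET Core sdk 6.0.x", version="6.0.x"),
                  step("Run Microsoft Security DevOps"))
SCAN_DISABLED = definition(step("Use .NET Core sdk 6.0.x", version="6.0.x"),
                           step("Run Microsoft Security DevOps", enabled=False))
SDK_MISPLACED = definition(step("Use .NET Core sdk 3.1.x", version="3.1.x"),
                           step("Run Microsoft Security DevOps"),
                           step("Use .NET Core sdk 6.0.x", version="6.0.x"))

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("scan disabled", SCAN_DISABLED), ("sdk misplaced", SDK_MISPLACED)):
        print(label, audit(sample))
```

A step that is present but disabled is reported the same way as a missing one, since the scan would not run in either case.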