DevSecOps for Azure

Acquire a holistic comprehension and practical expertise in embedding security within the DevOps pipeline, specifically tailored for Azure cloud environments

Key Features

• Master integrating security into Azure DevOps workflows for cloud infrastructure
• Refine your skills with cutting-edge tools to build a secure CI/CD pipeline for both app and infrastructure
• Harden the entire DevOps workflow, from planning and coding to source control, CI, and cloud workload deployment

Book Description

The security of businesses is a top priority, especially in the constantly evolving Azure cloud. However, many organizations struggle to keep up with the security and compliance of their services. Attackers are targeting organizations through their software development processes, making software supply chain security crucial. This includes everything needed to create and deliver software, such as source control systems, build systems, CI/CD platforms, and various artifacts. This book will provide a comprehensive understanding of the DevOps workflow, its security risks and threats, and how to implement secure development environments, automated threat modeling processes, and continuous secure coding training. It will guide you in integrating security measures into every phase of the workflow, including using Azure-native cloud security services and third-party tools to secure systems and applications. The book will also cover implementing continuous security and compliance into the BUILD and DEPLOY processes. By the end of this book, you will have the knowledge and skills to implement a secure code-to-cloud process for the Azure cloud.

What you will learn

• Understand the relationship between Agile, DevOps, and Cloud
• Secure the use of containers in a CI/CD workflow
• Implement a continuous and automated threat modeling process
• Secure development toolchains like GitHub codespaces, Microsoft Dev Box, and GitHub
• Integrate continuous security throughout the code development workflow, pre- and post-source control contribution
• Integrate SCA, SAST, and secret scanning into the BUILD process to ensure code safety
• Implement security in release and deploy phases for artifact and environment compliance

Who this book is for

This book is for security professionals, DevOps engineers, developers, or anyone interested in learning the implementation of DevSecOps in a practical way. It is also beneficial for Security/IT professionals transitioning to a public cloud environment, those moving to a DevOps environment, and individuals seeking to understand where to add security checks, testing, and other controls to Azure cloud continuous delivery pipelines.

Dettagli