Book Image

Designing and Implementing Microsoft DevOps Solutions AZ-400 Exam Guide - Second Edition

By : Subhajit Chatterjee, Swapneel Deshpande, Henry Been, Maik van der Gaag
Book Image

Designing and Implementing Microsoft DevOps Solutions AZ-400 Exam Guide - Second Edition

By: Subhajit Chatterjee, Swapneel Deshpande, Henry Been, Maik van der Gaag

Overview of this book

The AZ-400 Designing and Implementing Microsoft DevOps Solutions certification helps DevOps engineers and administrators get to grips with practices such as continuous integration and continuous delivery (CI/CD), containerization, and zero downtime deployments using Azure DevOps Services. This new edition is updated with advanced topics such as site reliability engineering (SRE), continuous improvement, and planning your cloud transformation journey. The book begins with the basics of CI/CD and automated deployments, and then moves ahead to show you how to apply configuration management and Infrastructure as Code (IaC) along with managing databases in DevOps scenarios. As you make progress, you’ll explore fitting security and compliance with DevOps and find out how to instrument applications and gather metrics to understand application usage and user behavior. This book will also help you implement a container build strategy and manage Azure Kubernetes Services. Lastly, you’ll discover quick tips and tricks to confidently apply effective DevOps practices and learn to create your own Azure DevOps organization. By the end of this DevOps book, you'll have gained the knowledge needed to ensure seamless application deployments and business continuity.
Table of Contents (27 chapters)
1
Part 1 – Digital Transformation through DevOps
5
Part 2 – Getting to Continuous Delivery
9
Part 3 – Expanding Your DevOps Pipeline
15
Part 4 – Closing the Loop
18
Part 5 – Advanced Topics

Working with dependencies

Next to the security risks that application code developed in-house poses, there is also a risk associated with components that are reused. Between 50% and 80% of modern application code is not developed in-house but is taken from other parties in the form of packages or dependencies. Some of these might be open source, but this is not necessarily the case. There can also be components that are bought from other development companies or binaries taken from galleries such as NuGet.

Dependencies not only pose security risks but also licensing risks. What happens if a team starts using a component that is published under the GPL license for a closed source component? If anyone ever finds out, they can be forced to open source their product, or at least suffer public shame for not using the work of others according to the license.

To mitigate these risks, a number of tools can be used to detect and scan all of the dependencies that are used when building...