Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying DevSecOps for Azure
  • Table Of Contents Toc
DevSecOps for Azure

DevSecOps for Azure

By : David Okeyode, Joylynn Kirui
4.8 (11)
Buy this Book
close
close
DevSecOps for Azure

DevSecOps for Azure

4.8 (11)
By: David Okeyode, Joylynn Kirui
Buy this Book

Overview of this book

Businesses must prioritize security, especially when working in the constantly evolving Azure cloud. However, many organizations struggle to maintain security and compliance. Attackers are increasingly targeting software development processes, making software supply chain security crucial. This includes source control systems, build systems, CI/CD platforms, and various artifacts. With the help of this book, you’ll be able to enhance security and compliance in Azure software development processes. Starting with an overview of DevOps and its relationship with Agile methodologies and cloud computing, you'll gain a solid foundation in DevSecOps principles. The book then delves into the security challenges specific to DevOps workflows and how to address them effectively. You'll learn how to implement security measures in the planning phase, including threat modeling and secure coding practices. You'll also explore pre-commit security controls, source control security, and the integration of various security tools in the build and test phases. The book covers crucial aspects of securing the release and deploy phases, focusing on artifact integrity, infrastructure as code security, and runtime protection. By the end of this book, you’ll have the knowledge and skills to implement a secure code-to-cloud process for the Azure cloud.
Table of Contents (14 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part 1: Understanding DevOps and DevSecOps
Icon
Part 1: Understanding DevOps and DevSecOps
Lock Free Chapter
2
Chapter 1: Agile, DevOps, and Azure Overview
Icon
Chapter 1: Agile, DevOps, and Azure Overview
Icon
Technical requirements
Icon
Defining DevOps – Understanding its concepts and practices
Icon
Understanding the process aspect of DevOps
Icon
Understanding the people aspect of DevOps
Icon
Understanding the product aspect of DevOps – The toolchain
Icon
Agile, DevOps, and the Cloud – A perfect trio
Icon
Hands-on Exercise 1 – Creating an Azure subscription
Icon
Hands-On Exercise 2 – Creating an Azure DevOps organization (linked to your Azure AD tenant)
Icon
Hands-On Exercise 3 – Creating a GitHub Enterprise Cloud trial account
Icon
Summary
Icon
Further reading
3
Chapter 2: Security Challenges of the DevOps Workflow
Icon
Chapter 2: Security Challenges of the DevOps Workflow
Icon
Technical requirements
Icon
Security challenges of DevOps
Icon
The case for DevSecOps
Icon
DevSecOps and supply chain security
Icon
Summary
Icon
Further reading
4
Part 2: Securing the Plan and Code Phases of DevOps
Icon
Part 2: Securing the Plan and Code Phases of DevOps
5
Chapter 3: Implementing Security in the Plan Phase of DevOps
Icon
Chapter 3: Implementing Security in the Plan Phase of DevOps
Icon
Technical requirements
Icon
Understanding DevSecOps in the planning phase
Icon
Understanding threat modeling and its benefits
Icon
Hands-on exercise 1 – Provisioning the lab VM
Icon
Hands-on exercise 2 – Performing threat modeling of an e-commerce application
Icon
Implementing continuous code-to-cloud security training
Icon
Summary
Icon
Further reading
6
Chapter 4: Implementing Pre-commit Security Controls
Icon
Chapter 4: Implementing Pre-commit Security Controls
Icon
Technical requirements
Icon
Overview of the pre-commit coding phase of DevOps
Icon
Securing the development environment
Icon
Addressing common development security mistakes
Icon
Choosing the right developer-first security tooling
Icon
Hands-on exercise 1 – Performing code review, dependency checks, and secret scanning on the IDE
Icon
Hands-on exercise 2 – Installing and configuring Git pre-commit hooks on the IDE
Icon
Summary
7
Chapter 5: Implementing Source Control Security
chevron up
Icon
Chapter 5: Implementing Source Control Security
Icon
Technical requirements
Icon
Understanding the post-commit phase of DevOps
Icon
Securing the source code management environment
Icon
Addressing common coding security issues in source control
Icon
Hands-on exercise – Performing pre-receive checks and dependency reviews
Icon
Summary
8
Part 3: Securing the Build, Test, Release, and Operate Phases of DevOps
Icon
Part 3: Securing the Build, Test, Release, and Operate Phases of DevOps
9
Chapter 6: Implementing Security in the Build Phase of DevOps
Icon
Chapter 6: Implementing Security in the Build Phase of DevOps
Icon
Technical requirements
Icon
Understanding the continuous build and test phases of DevOps
Icon
Securing CI environments and processes
Icon
Securing the build services and workers
Icon
Addressing common coding security issues
Icon
Hands-on exercises – Integrating security within the build phase
Icon
Summary
10
Chapter 7: Implementing Security in the Test and Release Phases of DevOps
Icon
Chapter 7: Implementing Security in the Test and Release Phases of DevOps
Icon
Technical requirements
Icon
Understanding the continuous deployment phase of DevOps
Icon
Protecting release artifacts in the release phase
Icon
Implementing security gates in release pipelines
Icon
Hands-on exercise – Integrating security within the build and test phases
Icon
Summary
11
Chapter 8: Continuous Security Monitoring on Azure
Icon
Chapter 8: Continuous Security Monitoring on Azure
Icon
Technical requirements
Icon
Understanding continuous monitoring in DevOps
Icon
Securing an application runtime environment
Icon
Protecting applications at runtime in Azure
Icon
Hands-on exercise – Continuous security monitoring on Azure
Icon
Summary
Icon
Further reading
12
Index
Icon
Index
Icon
Why subscribe?
13
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Implementing Source Control Security

In the previous chapter, we divided the DevOps code development process into two key phases: the pre-commit phase and the source control management phase. This division was made to simplify our discussion of security integration. We’ve already discussed the security practices in the pre-commit phase. Next, we will shift our focus to the security aspects within source control.

Source control in DevOps is a way to organize and track the code for a project using a source control management (SCM) system such as Git or Team Foundation Version Control (TFVC). When implementing DevSecOps in source control, it is important to consider how the code repository is managed and secured. If access to the code repository is compromised or protections can be easily bypassed, it is hard to trust the code stored in it. By the end of this chapter, you will have gained a solid understanding of the following key areas:

  • Understanding the post-commit...
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
DevSecOps for Azure
End of Section 7
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon