DevOps and Compliance and Security
KAMEGAWA Kazushi (kkamegawa)
Who am I?
personal:
name: KAMEGAWA Kazushi (Last-First)
alias: kkamegawa
community:
MVP: Microsoft MVP for Developer Technologies (2009-)
Users Group: Team Foundation Server Users Group
URL: https://dev.azure.com/tfsug/tfsuginfo
Blog:
URL: https://kkamegawa.hatenablog.jp
devblog radio: https://devblog.connpass.com/
This content is based on 2021/4/21.
Plan
Build
Deploy
Measure
Feedback
Deploy 5W1H
When Who Where
How What Why
Deploy by human
Azure Web Apps’s CI/CD | Microsoft Docs
Basic CI/CD for Azure Web Apps
Automated deploy is cool, but?
We MUST use the Japan region.
I didn’t know when it was deployed.
Security and Compliance features in Azure
Compliance and Security for CI/CD
DO NOT deploy to an environment that violates the rules.
Track when it is deployed.
Make them follow the rules of the deployment procedure.
Perform a vulnerability check.
Make Azure Pipelines and Azure Policy work together
1. Check the policy when deploying artifacts.
2. Deploy if the policy is satisfied.
3. Deny if the policy is not satisfied.
Define Azure Policy (sample)
Azure Policy | Microsoft Docs
Define an Azure Policy at resource group or subscription scope.
The policy is evaluated over a period; it seems that it is not evaluated immediately when Pipelines deploys.
Evaluating a deploy with Azure Policy:
Policy is satisfied (deploy go)
Policy is not satisfied (can’t deploy)
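As an added illustration (not from the slides, and not Microsoft's code), here is a small Python model of the gate described above. The policy is written in the standard Azure Policy definition JSON shape: an "allowed locations" rule with a deny effect, whose Japan-only parameter values are constructed for this example. A toy evaluator then applies it to constructed resources and reports which ones would be denied. Azure's real policy engine runs server-side and supports far more than the handful of rule constructs handled here (allOf/anyOf/not, field with equals/notEquals/in/notIn, and [parameters('...')] lookups).

```python
"""Toy evaluator for an Azure Policy definition of the 'allowed locations'
kind, showing how a pipeline gate decides 'deploy go' vs 'deny'.
Only the rule constructs used below are implemented; Azure's own engine
is the authority on real evaluation.
"""

# Policy definition in the standard Azure Policy JSON shape. The rule mirrors
# the built-in "Allowed locations" policy; the parameter default values are
# constructed for this example ("We MUST use the Japan region").
ALLOWED_LOCATIONS_POLICY = {
    "properties": {
        "displayName": "Allowed locations (Japan only)",
        "mode": "Indexed",
        "parameters": {
            "listOfAllowedLocations": {
                "type": "Array",
                "defaultValue": ["japaneast", "japanwest"],
            }
        },
        "policyRule": {
            "if": {
                "allOf": [
                    {"field": "location",
                     "notIn": "[parameters('listOfAllowedLocations')]"},
                    {"field": "location", "notEquals": "global"},
                ]
            },
            "then": {"effect": "deny"},
        },
    }
}

# Constructed resources, as a deployment would create them.
SAMPLE_RESOURCES = [
    {"name": "web-jp", "type": "Microsoft.Web/sites", "location": "japaneast"},
    {"name": "web-jp2", "type": "Microsoft.Web/sites", "location": "Japan West"},
    {"name": "legacy-storage", "type": "Microsoft.Storage/storageAccounts",
     "location": "eastus"},
    {"name": "tm-profile", "type": "Microsoft.Network/trafficManagerProfiles",
     "location": "global"},
]


def _norm(value):
    """In this toy evaluator location names compare case- and
    whitespace-insensitively, so 'Japan West' equals 'japanwest'."""
    return value.replace(" ", "").lower() if isinstance(value, str) else value


def _resolve(value, params):
    """Expand the "[parameters('name')]" reference syntax to its default value."""
    prefix, suffix = "[parameters('", "')]"
    if isinstance(value, str) and value.startswith(prefix) and value.endswith(suffix):
        return params[value[len(prefix):-len(suffix)]]["defaultValue"]
    return value


def matches(cond, resource, params):
    """True when the resource satisfies the policy condition."""
    if "not" in cond:
        return not matches(cond["not"], resource, params)
    if "allOf" in cond:
        return all(matches(c, resource, params) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource, params) for c in cond["anyOf"])
    actual = _norm(resource.get(cond["field"]))
    if "equals" in cond:
        return actual == _norm(_resolve(cond["equals"], params))
    if "notEquals" in cond:
        return actual != _norm(_resolve(cond["notEquals"], params))
    if "in" in cond:
        return actual in {_norm(v) for v in _resolve(cond["in"], params)}
    if "notIn" in cond:
        return actual not in {_norm(v) for v in _resolve(cond["notIn"], params)}
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(policy, resource):
    """Return the effect ('deny') when the 'if' block matches; otherwise
    'allow', meaning the policy does not apply and the resource is compliant."""
    props = policy["properties"]
    rule = props["policyRule"]
    if matches(rule["if"], resource, props.get("parameters", {})):
        return rule["then"]["effect"].lower()
    return "allow"


def gate_deployment(policy, resources):
    """Pipeline gate: names of the resources the policy would deny.
    An empty list means every resource is compliant and the deploy may go."""
    return [r["name"] for r in resources if evaluate(policy, r) == "deny"]


if __name__ == "__main__":
    denied = gate_deployment(ALLOWED_LOCATIONS_POLICY, SAMPLE_RESOURCES)
    print("deploy blocked by:" if denied else "policy satisfied, deploy go", denied)
```

Note the second allOf clause: resources with the pseudo-location "global" (Traffic Manager profiles, for instance) would otherwise be denied by a Japan-only rule, which is why the built-in policy excludes them.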
Azure Pipelines and Azure Policy
The Azure Policy task only supports Classic Release.
But Pipelines supports a mix: the build definition is YAML and the release is Classic.
It looks useful for that.
Image
Azure Pipelines and Container registry
mcr.microsoft.com
malware.example.com
ghcr.io/xxxxx
Artifact policy checks | Microsoft Docs
Don't use Environments to deploy anything other than images from specific allowed container registries.
Queries are written in a language called Rego.
There is a template that you can use at first.
Allow list in Environments.
Define in Azure Pipelines
Unknown container image -> Environment
Deployment fails when a container image from anywhere other than mcr.microsoft.com is used.
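The allowlist decision the artifact policy makes, as an added Python example (not from the slides; the real check in Azure Pipelines is written in Rego, as the slide says, and this is not that template). It parses image references the way the Docker reference grammar does, so tags, digests, registry ports and the implicit docker.io registry are all handled, then reports every image outside the allowlist. The allowlist entries and the sample images are constructed, with ghcr.io/xxxxx kept as the slide's placeholder namespace; an entry may be a bare registry host or a registry plus namespace prefix.

```python
"""Container-image allowlist check of the kind the artifact policy enforces.
Reproduces the decision in Python so it can be read and unit-tested;
the production check lives in Rego inside Azure Pipelines.
"""
from dataclasses import dataclass
from typing import Optional

DEFAULT_REGISTRY = "docker.io"


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split an image reference following the Docker reference grammar:
    the first path component is a registry only if it contains '.' or ':'
    or is 'localhost'; otherwise the image lives on docker.io."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, sep, rest = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = DEFAULT_REGISTRY, ref
    # A tag is a ':' after the last '/', so 'localhost:5000/app' keeps its port.
    tag = None
    colon = path.rfind(":")
    if colon > path.rfind("/"):
        path, tag = path[:colon], path[colon + 1:]
    if not path:
        raise ValueError(f"empty repository in image reference {ref!r}")
    return ImageRef(registry.lower(), path, tag, digest)


def is_allowed(image: ImageRef, allowlist) -> bool:
    """True when the image's registry (and namespace, if the allowlist entry
    carries one) matches an allowlist entry."""
    for entry in allowlist:
        registry, _, namespace = entry.lower().partition("/")
        if image.registry != registry:
            continue
        if (not namespace or image.repository == namespace
                or image.repository.startswith(namespace + "/")):
            return True
    return False


def check_images(refs, allowlist):
    """Return the references that violate the allowlist; an empty list means
    the deployment may proceed, anything else is a policy failure."""
    return [ref for ref in refs if not is_allowed(parse_image_ref(ref), allowlist)]


# Constructed sample: the registries from the slide plus two edge cases.
ALLOWLIST = ["mcr.microsoft.com", "ghcr.io/xxxxx"]
SAMPLE_IMAGES = [
    "mcr.microsoft.com/dotnet/aspnet:6.0",
    "ghcr.io/xxxxx/app@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
    "ghcr.io/someone-else/app:2.0",      # same registry, different namespace
    "malware.example.com/tools/agent:1.0",
    "nginx:latest",                      # no registry given: docker.io, not allowed
]

if __name__ == "__main__":
    for bad in check_images(SAMPLE_IMAGES, ALLOWLIST):
        print("DENIED:", bad)
```

Parsing before comparing matters: a naive substring test on the raw string would accept `malware.example.com/mcr.microsoft.com/app`, whereas here the registry is taken strictly from the first path component.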
Creating a pipeline by yourself will cause problems.
Service connection: limit the pipelines that can reference it.
Prepare a YAML template that defines the environment for deployment, manage it separately from the build, and separate it from those who can deploy it.
Pull Request driven
Let’s copy a part of this OSS’s source code!
OSS source code scan in Azure Pipelines
If you specify an extension in a YAML template and build with it, you will see a report in the result.
It is up to the service whether the source is sent to another service or not.
Also check for software licenses.
Extension for security scan
Let’s install the extension for WhiteSource Bolt:
https://marketplace.visualstudio.com/items?itemName=whitesource.ws-bolt
There are a variety of other paid and free extensions available as well:
https://marketplace.visualstudio.com/search?term=security&target=AzureDevOps&category=All%20categories&sortBy=Relevance
If you want to use it all the time, specify the template as the environment.
Specify a template in Environments
I'm having trouble keeping track of deployments.
Track release events in the audit log
Azure DevOps stores the audit log for 90 days, so it must be exported periodically.
- Event Grid
- Splunk
- Azure Monitor
- REST API
Create audit streaming | Microsoft Docs
Stream the audit log, or export it with Logic Apps.
Save Azure DevOps audit logs to Cosmos DB with Logic Apps
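An added Python example (not from the slides) of what "track release events" and "export periodically" come down to: a deployment ledger built from audit-log records, and the fetch window an export job should use so the 90-day retention never silently drops history. The records are constructed; the field names follow the audit log export shape, but the action IDs and the release action-ID prefixes are assumptions for this example, so confirm them against the actionId values in your own export.

```python
"""Deployment ledger from Azure DevOps audit log records, plus the window a
periodic export must fetch so nothing ages out of the 90-day retention.
"""
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 90
# Assumed: release/deployment actions are identified by these actionId
# prefixes. Verify against your own export before relying on them.
RELEASE_ACTION_PREFIXES = ("Release.", "Pipelines.")

# Constructed sample records (actionId values are placeholders).
SAMPLE_ENTRIES = [
    {"actionId": "Git.RefUpdate", "timestamp": "2021-04-19T08:00:00Z",
     "actorUPN": "alice@example.com", "projectName": "webapp",
     "details": "Updated refs/heads/main"},
    {"actionId": "Release.DeploymentCompleted", "timestamp": "2021-04-21T10:30:00Z",
     "actorUPN": "bob@example.com", "projectName": "webapp",
     "details": "Deployed Release-42 to stage Production"},
    {"actionId": "Release.DeploymentCompleted", "timestamp": "2021-04-20T09:15:00Z",
     "actorUPN": "alice@example.com", "projectName": "webapp",
     "details": "Deployed Release-41 to stage Staging"},
    {"actionId": "Security.ModifyPermission", "timestamp": "2021-04-20T12:00:00Z",
     "actorUPN": "carol@example.com", "projectName": "webapp",
     "details": "Granted Contribute on repository"},
]


def parse_ts(value: str) -> datetime:
    """Parse the audit log's ISO-8601 UTC timestamps into aware datetimes."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def deployment_ledger(entries, prefixes=RELEASE_ACTION_PREFIXES):
    """Answer 'who deployed what, and when': release events in time order."""
    rows = [e for e in entries if e["actionId"].startswith(prefixes)]
    rows.sort(key=lambda e: parse_ts(e["timestamp"]))
    return [(e["timestamp"], e["actorUPN"], e["projectName"], e["details"])
            for e in rows]


def export_window(last_checkpoint: datetime, now: datetime,
                  retention_days: int = RETENTION_DAYS):
    """Range to fetch on this export run. Returns (start, end, lost_days):
    lost_days > 0 means the previous export ran so long ago that part of the
    history has already been purged and can no longer be recovered."""
    oldest_available = now - timedelta(days=retention_days)
    if last_checkpoint < oldest_available:
        return oldest_available, now, (oldest_available - last_checkpoint).days
    return last_checkpoint, now, 0


def entries_in_window(entries, start: datetime, end: datetime):
    """Records newer than the checkpoint and up to 'now' (half-open on start,
    so a record exactly at the checkpoint is not exported twice)."""
    return [e for e in entries if start < parse_ts(e["timestamp"]) <= end]


if __name__ == "__main__":
    now = datetime(2021, 4, 22, tzinfo=timezone.utc)
    start, end, lost = export_window(now - timedelta(days=100), now)
    print(f"fetch {start.isoformat()} .. {end.isoformat()}, lost {lost} day(s)")
    for row in deployment_ledger(entries_in_window(SAMPLE_ENTRIES, start, end)):
        print(*row)
```

Schedule the export job well inside the retention period and treat a non-zero lost_days as an incident in its own right: the machine keeps the record only if the machine is actually run.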
Summary
Automation is great, but keep records so you don't end up wondering when you did it!
It's silly for a human to do it, so let's have a machine do it (also tamper-proof).
To be able to think, "If I make a mistake,
Appendix and Reference
Security through templates
https://docs.microsoft.com/en-us/azure/devops/pipelines/security/templates?WT.mc_id=DOP-MVP-4039781?view=azure-devops
Other security considerations
https://docs.microsoft.com/en-us/azure/devops/pipelines/security/misc?WT.mc_id=DOP-MVP-4039781?view=azure-devops
Create and target an environment
https://docs.microsoft.com/en-us/azure/devops/pipelines/process/environments?WT.mc_id=DOP-MVP-4039781?view=azure-devops

How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

DevOps Compliance Security CI/CD Azure Policy Pipelines

  • 1. DevOps and Compliance and Security KAMEGAWA Kazushi(kkamegawa)
  • 2. Who am I? personal: name: KAMEGAWA Kazushi(Last-First) alias: kkamegawa community: MVP: Microsoft MVP for Developer Technologies(2009-) Users Group: Team Foundation Server Users Group URL: https://dev.azure.com/tfsug/tfsuginfo Blog: URL: https://kkamegawa.hatenablog.jp devblog radio: https://devblog.connpass.com/
  • 3. This content is based on 2021/4/21.
  • 7. Deploy 5W1H: When, Who, Where, How, What, Why.
  • 9. Azure Web Apps' CI/CD | Microsoft Docs. Basic CI/CD for Azure Web Apps.
  • 10. Automated deploy is cool, but? "We MUST use the Japan region." "I didn't know when it was deployed."
  • 11. Security and Compliance feature in Azure
  • 12. Compliance and Security for CI/CD: DO NOT deploy to a non-compliant environment. Track when it was deployed. Make people follow the rules of the deployment procedure. Perform a vulnerability check.
  • 13. Combine Azure Pipelines with Azure Policy: 1. Check the policy when deploying artifacts. 2. Deploy if the policy is satisfied. 3. Deny if the policy is not satisfied.
  • 14. Define Azure Policy (sample). Azure Policy | Microsoft Docs. Define the Azure Policy at the resource group or subscription scope. The policy is evaluated periodically; it does not seem to be evaluated immediately when Pipelines deploys.
  • 15. Evaluating a deployment with Azure Policy: policy satisfied (deploy goes ahead); policy not satisfied (can't deploy).
  • 16. Azure Pipelines and Azure Policy: the Azure Policy task only supports Classic Release. Pipelines still supports this combination: the build definition is YAML, the release is Classic.
  • 19. It looks useful for that image.
  • 21. Azure Pipelines and container registries: mcr.microsoft.com, malware.example.com, ghcr.io/xxxxx. Artifact policy checks | Microsoft Docs. Don't let Environments deploy anything other than images from specific allowed container registries. Queries are written in a language called Rego; there is a template you can use to get started.
  • 22. Allow list in Environments.
  • 23. Defined in Azure Pipelines (unknown container image environment): the deployment failed when a container image from anywhere other than mcr.microsoft.com was used.
  • 24. Letting everyone create their own pipelines causes problems. Service connection: limit the pipelines that can reference it. Prepare a YAML template that defines the deployment environment, manage it separately from the build, and separate it from the people who are allowed to deploy. Pull-request driven.
  • 26. "Let's copy a part of this OSS's source code!"
  • 28. OSS source code scan in Azure Pipelines: if you specify an extension in a YAML template and build, you will see a report in the result. Whether the source is sent to another service depends on the extension's service. Also check the software licenses.
  • 29. Extension for security scan: let's install the extension for WhiteSource Bolt, https://marketplace.visualstudio.com/items?itemName=whitesource.ws-bolt. There are a variety of other paid and free extensions available as well: https://marketplace.visualstudio.com/search?term=security&target=AzureDevOps&category=All%20categories&sortBy=Relevance. If you want to use it all the time, specify the template in Environments.
  • 30. Specify a template in Environments
  • 32. Track release events in the audit log. Azure DevOps stores it for 90 days, so it must be exported periodically: Event Grid, Splunk, Azure Monitor, REST API. Create audit streaming | Microsoft Docs.
  • 33. Stream the audit log, or export it with Logic Apps. "Saving Azure DevOps audit logs to Cosmos DB with Logic Apps" (Logic AppsでAzure DevOpsの監査ログをCosmos DBへ保存する).
  • 34. Summary: Automation is great, but keep records so you don't end up wondering when you did it! It's silly for a human to do it, so let's have a machine do it (also tamper-proof). To be able to think, "If I make a mistake,
  • 35. Appendix and Reference. Security through templates: https://docs.microsoft.com/en-us/azure/devops/pipelines/security/templates?WT.mc_id=DOP-MVP-4039781?view=azure-devops. Other security considerations: https://docs.microsoft.com/en-us/azure/devops/pipelines/security/misc?WT.mc_id=DOP-MVP-4039781?view=azure-devops. Create and target an environment: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/environments?WT.mc_id=DOP-MVP-4039781?view=azure-devops
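Slides 13 to 15 describe the gate as "policy satisfied: deploy goes; policy not satisfied: can't deploy" without showing what a policy evaluation actually does. The following is an added example, not code from the slides or from Microsoft: a small Python evaluator for the subset of the Azure Policy rule language used by the built-in "Allowed locations" rule (allOf, field, in/notIn, equals/notEquals, and [parameters('...')] lookups), run against constructed ARM resources. The rule shape mirrors the built-in definition; the allowed-location list and the resource names are constructed to match the slide's "We MUST use the Japan region" requirement.

```python
"""Mini evaluator for an Azure Policy "allowed locations" rule.

Added example (not from the slide deck or from Microsoft). It implements only the
subset of the policy language that the built-in allowed-locations rule uses, so
the two outcomes on slide 15 can be reproduced on constructed resources.
"""
import re
from typing import Any

# policyRule in the shape of the built-in "Allowed locations" definition.
ALLOWED_LOCATIONS_RULE = {
    "if": {
        "allOf": [
            {"field": "location", "notIn": "[parameters('listOfAllowedLocations')]"},
            {"field": "location", "notEquals": "global"},
            {"field": "type", "notEquals": "Microsoft.AzureActiveDirectory/b2cDirectories"},
        ]
    },
    "then": {"effect": "deny"},
}

# Assignment parameters (constructed): only the two Japan regions are allowed.
ASSIGNMENT_PARAMETERS = {"listOfAllowedLocations": ["japaneast", "japanwest"]}

_PARAM_RE = re.compile(r"^\[parameters\('([^']+)'\)\]$")


def resolve(value: Any, params: dict) -> Any:
    """Replace a "[parameters('name')]" template string with the assigned value."""
    if isinstance(value, str):
        m = _PARAM_RE.match(value)
        if m:
            return params[m.group(1)]
    return value


def _norm(value: Any) -> Any:
    """Azure Policy compares strings case-insensitively."""
    return value.lower() if isinstance(value, str) else value


def evaluate_condition(cond: dict, resource: dict, params: dict) -> bool:
    """Return True when the condition matches, i.e. the rule's 'if' fires."""
    if "allOf" in cond:
        return all(evaluate_condition(c, resource, params) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(evaluate_condition(c, resource, params) for c in cond["anyOf"])
    if "not" in cond:
        return not evaluate_condition(cond["not"], resource, params)

    field_value = _norm(resource.get(cond["field"]))
    if "equals" in cond:
        return field_value == _norm(resolve(cond["equals"], params))
    if "notEquals" in cond:
        return field_value != _norm(resolve(cond["notEquals"], params))
    if "in" in cond:
        return field_value in [_norm(v) for v in resolve(cond["in"], params)]
    if "notIn" in cond:
        return field_value not in [_norm(v) for v in resolve(cond["notIn"], params)]
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(rule: dict, resource: dict, params: dict) -> str:
    """Return the rule's effect (e.g. 'deny') when it fires, otherwise 'allow'."""
    if evaluate_condition(rule["if"], resource, params):
        return rule["then"]["effect"].lower()
    return "allow"


def can_deploy(resources: list[dict]) -> tuple[bool, list[str]]:
    """Gate a deployment: every resource must pass; otherwise collect the reasons."""
    reasons = []
    for r in resources:
        if evaluate(ALLOWED_LOCATIONS_RULE, r, ASSIGNMENT_PARAMETERS) == "deny":
            reasons.append(f"{r['name']} ({r['type']}) in '{r['location']}' is denied")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed resources, as an ARM deployment would submit them.
    ok, why = can_deploy([
        {"name": "web-jp", "type": "Microsoft.Web/sites", "location": "japaneast"},
        {"name": "web-us", "type": "Microsoft.Web/sites", "location": "eastus"},
    ])
    print("deploy go" if ok else "can't deploy: " + "; ".join(why))
```

Running it denies the deployment because of the eastus resource while the japaneast one passes; a global resource such as a DNS zone is exempted by the second allOf clause, which is why the built-in rule carries it. Note that this is a local pre-check of the rule logic only: the real enforcement point is the Azure Resource Manager deny at deployment time, which the slides note is not tied to the pipeline's own schedule.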
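Slides 21 to 23 show the artifact policy check that lets an Environment accept only images from allowed registries, written in Rego. As an added example that is not the deck's code and not Azure DevOps' Rego template, the following Python implements the same decision so it can be run locally: it parses an image reference into registry, repository, tag and digest following the Docker reference rules (an unqualified name such as nginx:1.25 resolves to docker.io/library/nginx), then reports every image whose registry is outside the allow list and, optionally, every image not pinned by digest. The allow list and the image names are constructed; they echo the registries drawn on the slide.

```python
"""Allowed-registry check for container images (slides 21-23 in Python form).

Added example: it mirrors the decision the Rego artifact policy makes, it is not
Azure DevOps' own template. ALLOWED_REGISTRIES and the sample images are constructed.
"""
from dataclasses import dataclass
from typing import Optional

ALLOWED_REGISTRIES = {"mcr.microsoft.com"}   # constructed allow list


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split an OCI/Docker reference into registry, repository, tag and digest.

    Docker reference rules: the first path component is a registry only if it
    contains '.' or ':' or equals 'localhost'; otherwise the image comes from
    docker.io, and a single-name image lives under 'library/'.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, sep, rest = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    tag = None
    # A ':' after the last '/' separates the tag; a ':' before it is a port.
    last_slash = path.rfind("/")
    colon = path.rfind(":")
    if colon > last_slash:
        path, tag = path[:colon], path[colon + 1:]
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path
    return ImageRef(registry.lower(), path, tag, digest)


def deny_reasons(images: list[str], allowed: set[str] = ALLOWED_REGISTRIES,
                 require_digest: bool = False) -> list[str]:
    """Return one message per violation; an empty list means the deploy may proceed."""
    reasons = []
    for img in images:
        ref = parse_image_ref(img)
        if ref.registry not in allowed:
            reasons.append(f"{img}: registry '{ref.registry}' is not in the allow list")
        if require_digest and ref.digest is None:
            reasons.append(f"{img}: image is not pinned by digest")
    return reasons


if __name__ == "__main__":
    # Constructed image references; the registries echo the slide.
    for problem in deny_reasons([
        "mcr.microsoft.com/dotnet/aspnet:6.0",
        "malware.example.com/app:latest",
        "ghcr.io/xxxxx/app@sha256:" + "0" * 64,
        "nginx:1.25",
    ]):
        print("deny:", problem)
```

The docker.io fallback is the detail most worth carrying into the Rego version: an image written without a registry is not "no registry", it is Docker Hub, and a policy that only matches explicit hostnames would silently let it through. Pinning by digest (require_digest=True) is the natural companion check, because a mutable tag in an allowed registry can still change under the deployment.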
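Slide 32 says the audit log is kept for 90 days and must be exported periodically, with the REST API as one of the options. The following is an added example, not Microsoft's sample code and not the Logic Apps flow from slide 33: a Python exporter that pages through the Azure DevOps Audit Log Query endpoint using the continuation token, keeps the events whose actionId starts with a given prefix, and renders them as JSON Lines for a SIEM such as Splunk or Azure Monitor to ingest. The HTTP call is injected so the paging logic can be exercised offline with constructed responses. Assumptions: the organisation name, the AZDO_PAT environment variable, the output file name and the "Release." action prefix are placeholders; the endpoint, API version and response field names (decoratedAuditLogEntries, continuationToken, hasMore, actionId) are the Audit REST API as I know it and should be checked against the current documentation.

```python
"""Periodic export of the Azure DevOps audit log over the REST API (slide 32).

Added example, not Microsoft's code. Placeholders: ORG, the AZDO_PAT variable, the
output file name and the action prefix. Endpoint and field names follow the Audit
Log Query REST API as I know it; verify them against the current docs.
"""
import base64
import json
import os
from datetime import datetime, timedelta, timezone
from typing import Callable, Iterable, Iterator
from urllib.parse import urlencode
from urllib.request import Request, urlopen

ORG = "YOUR_ORGANIZATION"                       # placeholder
API_VERSION = "7.1-preview.1"                  # audit API is preview; adjust as needed
BASE = f"https://auditservice.dev.azure.com/{ORG}/_apis/audit/auditlog"

Fetcher = Callable[[str], dict]


def http_fetch(url: str) -> dict:
    """Real fetcher: GET with a PAT (read-only audit scope) from the environment."""
    token = base64.b64encode(f":{os.environ['AZDO_PAT']}".encode()).decode()
    req = Request(url, headers={"Authorization": f"Basic {token}"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_audit_entries(start_iso: str, end_iso: str, fetch: Fetcher = http_fetch,
                       batch_size: int = 200) -> Iterator[dict]:
    """Yield every entry between the two ISO-8601 timestamps, following continuation tokens."""
    token = None
    while True:
        params = {
            "api-version": API_VERSION,
            "startTime": start_iso,
            "endTime": end_iso,
            "batchSize": batch_size,
        }
        if token:
            params["continuationToken"] = token
        page = fetch(f"{BASE}?{urlencode(params)}")
        yield from page.get("decoratedAuditLogEntries", [])
        token = page.get("continuationToken")
        if not page.get("hasMore") or not token:
            break


def to_jsonl(entries: Iterable[dict], action_prefix: str) -> str:
    """Render the entries whose actionId starts with action_prefix as JSON Lines."""
    lines = [json.dumps(e, sort_keys=True)
             for e in entries if e.get("actionId", "").startswith(action_prefix)]
    return "".join(line + "\n" for line in lines)


if __name__ == "__main__":
    # Daily job: export the previous 24 hours, well inside the 90-day retention window.
    now = datetime.now(timezone.utc)
    text = to_jsonl(iter_audit_entries((now - timedelta(days=1)).isoformat(), now.isoformat()),
                    action_prefix="Release.")   # placeholder prefix; check your actionId values
    with open("audit-release.jsonl", "w", encoding="utf-8") as fh:
        fh.write(text)
    print(f"exported {text.count(chr(10))} events")
```

Schedule it (cron, a pipeline on a timer, or a Logic App as on slide 33) well inside the 90-day window and ship the file to append-only storage, so the record of who deployed what, and when, outlives the retention period and cannot be rewritten by the same accounts that run the deployments.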