Building security into your Azure DevOps Pipeline
Azure Pipelines allows users to focus more time on writing their applications by making it easy to automate their builds, tests, and deployments. Specifically, Tasks for Azure Pipelines enables users to customize and automate an Azure Pipelines CI/CD workflow with a group of ready-to-use tasks that can be inserted into pipelines from the Azure Pipelines interface.
As the ownership of application security shifts to the left, building security policy into Azure Pipeline becomes critical.
Snyk for Azure Pipelines
Snyk integrates across the Azure suite of tools, from Azure Repos through to Azure DevOps, Azure Functions—as well as Azure Container Registry and Azure Kubernetes Service on the container side. We are pleased to announce that Snyk now integrates with Azure Pipelines, part of the Azure DevOps developer tools suite. The Snyk Security Scan Azure Pipelines Task
scans your application dependencies and container images for open source security vulnerabilities and can be seamlessly added to your continuous integration/continuous delivery (CI/CD) workflow.
The community-driven Snyk Task that was built by Jesse Houwing from Microsoft partner Xpirit, has been deprecated. Users are encouraged to move to the Task that is published and maintained by Snyk itself.
Here is a short video showing how to install the Snyk Security Scan with the Azure Pipelines UI:
With the Snyk Security Scan for Azure Pipelines task, you can quickly add Snyk scanning to your pipelines to test and monitor for vulnerabilities at part of the CI/CD workflow.. Results are then displayed from the Azure Pipelines output and can also be monitored in the Snyk.io interface.