Building security into your Azure DevOps Pipeline

Written by:
Hayley Denbraver
Hayley Denbraver

December 16, 2019

0 mins read

Azure Pipelines allows users to focus more time on writing their applications by making it easy to automate their builds, tests, and deployments. Specifically, Tasks for Azure Pipelines enables users to customize and automate an Azure Pipelines CI/CD workflow with a group of ready-to-use tasks that can be inserted into pipelines from the Azure Pipelines interface.

As the ownership of application security shifts to the left, building security policy into Azure Pipeline becomes critical.

Snyk for Azure Pipelines

Snyk integrates across the Azure suite of tools, from Azure Repos through to Azure DevOps, Azure Functions—as well as Azure Container Registry and Azure Kubernetes Service on the container side. We are pleased to announce that Snyk now integrates with Azure Pipelines, part of the Azure DevOps developer tools suite. The Snyk Security Scan Azure Pipelines Task scans your application dependencies and container images for open source security vulnerabilities and can be seamlessly added to your continuous integration/continuous delivery (CI/CD) workflow.


The community-driven Snyk Task that was built by Jesse Houwing from Microsoft partner Xpirit, has been deprecated. Users are encouraged to move to the Task that is published and maintained by Snyk itself.

Here is a short video showing how to install the Snyk Security Scan with the Azure Pipelines UI:

With the Snyk Security Scan for Azure Pipelines task, you can quickly add Snyk scanning to your pipelines to test and monitor for vulnerabilities at part of the CI/CD workflow. Results are then displayed from the Azure Pipelines output and can also be monitored in the interface.

Read more on our documentation page, get started on the Azure DevOps Marketplace, and stay secure!

Posted in:DevSecOps

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

© 2024 Snyk Limited
Registered in England and Wales