Building security into your Azure DevOps Pipeline

Artikel von:
Hayley Denbraver
Hayley Denbraver
wordpress-sync/Microspft-Blog-Feature

December 16, 2019

0 Min. Lesezeit

Azure Pipelines allows users to focus more time on writing their applications by making it easy to automate their builds, tests, and deployments. Specifically, Tasks for Azure Pipelines enables users to customize and automate an Azure Pipelines CI/CD workflow with a group of ready-to-use tasks that can be inserted into pipelines from the Azure Pipelines interface.

As the ownership of application security shifts to the left, building security policy into Azure Pipeline becomes critical.

Snyk for Azure Pipelines

Snyk integrates across the Azure suite of tools, from Azure Repos through to Azure DevOps, Azure Functions—as well as Azure Container Registry and Azure Kubernetes Service on the container side. We are pleased to announce that Snyk now integrates with Azure Pipelines, part of the Azure DevOps developer tools suite. The Snyk Security Scan Azure Pipelines Task scans your application dependencies and container images for open source security vulnerabilities and can be seamlessly added to your continuous integration/continuous delivery (CI/CD) workflow.

Screen-Shot-2019-12-16-at-7.13.26-AM

The community-driven Snyk Task that was built by Jesse Houwing from Microsoft partner Xpirit, has been deprecated. Users are encouraged to move to the Task that is published and maintained by Snyk itself.

Here is a short video showing how to install the Snyk Security Scan with the Azure Pipelines UI:

With the Snyk Security Scan for Azure Pipelines task, you can quickly add Snyk scanning to your pipelines to test and monitor for vulnerabilities at part of the CI/CD workflow. Results are then displayed from the Azure Pipelines output and can also be monitored in the Snyk.io interface.

Read more on our documentation page, get started on the Azure DevOps Marketplace, and stay secure!

Gepostet in:DevSecOps
Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk ist eine Developer Security Plattform. Integrieren Sie Snyk in Ihre Tools, Workflows und Pipelines im Dev-Prozess – und Ihre Teams identifizieren, priorisieren und beheben Schwachstellen in Code, Abhängigkeiten, Containern, Cloud-Ressourcen und IaC nahtlos. Snyk bringt branchenführende Application & Security Intelligence in jede IDE.

Kostenlos startenLive-Demo buchen

© 2024 Snyk Limited
Alle Rechte vorbehalten

logo-devseccon