Building security into your Azure DevOps Pipeline

Écrit par:
Hayley Denbraver
Hayley Denbraver

16 décembre 2019

0 minutes de lecture

Azure Pipelines allows users to focus more time on writing their applications by making it easy to automate their builds, tests, and deployments. Specifically, Tasks for Azure Pipelines enables users to customize and automate an Azure Pipelines CI/CD workflow with a group of ready-to-use tasks that can be inserted into pipelines from the Azure Pipelines interface.

As the ownership of application security shifts to the left, building security policy into Azure Pipeline becomes critical.

Snyk for Azure Pipelines

Snyk integrates across the Azure suite of tools, from Azure Repos through to Azure DevOps, Azure Functions—as well as Azure Container Registry and Azure Kubernetes Service on the container side. We are pleased to announce that Snyk now integrates with Azure Pipelines, part of the Azure DevOps developer tools suite. The Snyk Security Scan Azure Pipelines Task scans your application dependencies and container images for open source security vulnerabilities and can be seamlessly added to your continuous integration/continuous delivery (CI/CD) workflow.


The community-driven Snyk Task that was built by Jesse Houwing from Microsoft partner Xpirit, has been deprecated. Users are encouraged to move to the Task that is published and maintained by Snyk itself.

Here is a short video showing how to install the Snyk Security Scan with the Azure Pipelines UI:

With the Snyk Security Scan for Azure Pipelines task, you can quickly add Snyk scanning to your pipelines to test and monitor for vulnerabilities at part of the CI/CD workflow. Results are then displayed from the Azure Pipelines output and can also be monitored in the interface.

Read more on our documentation page, get started on the Azure DevOps Marketplace, and stay secure!

Publié dans:DevSecOps

Snyk est une plateforme de sécurité des développeurs. S’intégrant directement aux outils, workflows et pipelines de développement, Snyk facilite la détection, la priorisation et la correction des failles de sécurité dans le code, les dépendances, les conteneurs et l’infrastructure en tant que code (IaC). Soutenu par une intelligence applicative et sécuritaire de pointe, Snyk intègre l'expertise de la sécurité au sein des outils de chaque développeur.

Démarrez gratuitementRéservez une démo en ligne

© 2024 Snyk Limited
Enregistré en Angleterre et au Pays de Galles