Azure DevOps provides developer services for allowing teams to plan work, collaborate on code development, and build and deploy applications. Azure DevOps supports a collaborative culture and set of processes that bring together developers, project managers, and contributors to develop software. It allows organizations to create and improve products at a faster pace than they can with traditional software development approaches.
You can work in the cloud using Azure DevOps Services or on-premises using Azure DevOps Server. For information on the differences between the cloud versus on-premises platforms, see Azure DevOps Services and Azure DevOps Server.
Azure DevOps Portal: https://azure.microsoft.com/en-us/products/devops/
Introduction
Azure DevOps provides integrated features that you can access through your web browser or IDE client. You can use one or more of the following standalone services based on your business needs:
- Azure Repos provides Git repositories or Team Foundation Version Control (TFVC) for source control of your code. For more information about Azure Repos, see What is Azure Repos?.
- Azure Pipelines provides build and release services to support continuous integration and delivery of your applications. For more information about Azure Pipelines, see What is Azure Pipelines?.
- Azure Boards delivers a suite of Agile tools to support planning and tracking work, code defects, and issues using Kanban and Scrum methods. For more information about Azure Boards, see What is Azure Boards?.
- Azure Test Plans provides several tools to test your apps, including manual/exploratory testing and continuous testing. For more information about Azure Test Plans, see Overview of Azure Test Plans
- Azure Artifacts allows teams to share packages such as Maven, npm, NuGet, and more from public and private sources and integrate package sharing into your pipelines. For more information about Azure Artifacts, see Overview of Azure Artifacts.
Sign Up
Azure DevOps Services
When you sign up for Azure DevOps, you get the following tier of free services:
- First five users free (Basic license)
- Azure Pipelines:
- One Microsoft-hosted CI/CD (one concurrent job, up to 30 hours per month)
- One self-hosted CI/CD concurrent job
- Azure Boards: Work item tracking and Kanban boards
- Azure Repos: Unlimited private Git repos
- Azure Artifacts: Two GiB free per organization
You can sign up for Azure DevOps with either a Microsoft or GitHub account.
Practices
Note: https://www.microsoft.com/en-us/securityengineering/devsecops
Practice #1—Provide Training
Practice #2—Define Requirements (Minimum-security baseline)
Practice #3—Define Metrics and Compliance Reporting
Practice #4—Use Software Composition Analysis (SCA) and Governance
Practice #5—Perform Threat Modeling
Practice #6—Use Tools and Automation
Practice #7—Keep Credentials Safe
Practice #8—Use Continuous Learning and Monitoring
Examples
- Create your first Azure Pipeline
- Deploy to a Linux Virtual Machine
- Start monitoring your Java Web Application
- Deploy a Docker container app to Azure Kubernetes Service
- Build, test, and deploy Javascript and Node.js apps in Azure Pipelines
- Build Java apps in Azure Pipelines
- Create a complete Linux virtual machine infrastructure in Azure with Terraform
Secure DevOps: Application Security Principles and Practices, All Modules
https://mslearningcampus.com/
Links
- https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
- https://www.microsoft.com/en-us/securityengineering/sdl/practices
- https://dev.azure.com/secureDevOpsDelivery/_git/MyHealthClinicSecDevOps-Public?path=%2FLabs
- https://www.microsoft.com/en-us/securityengineering/osa/practices
- https://learn.microsoft.com/en-us/compliance/regulatory/offering-home
- https://learn.microsoft.com/en-us/security/benchmark/azure/
- https://dev.azure.com/secureDevOpsDelivery/_git/MyHealthClinicSecDevOps-Public?path=/Labs/Module-3-Application-Security-Principles.md&_a=preview
- https://owasp.org/www-project-zap/
- https://www.cloudflare.com/learning/ssl/lava-lamp-encryption/
- https://github.com/azsk/AzTS-docs
- https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
- https://www.microsoft.com/en-us/trust-center/compliance/compliance-overview
- https://mitre-attack.github.io/attack-navigator/
- https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement
- https://www.first.org/cvss/calculator/3.0
- https://learn.microsoft.com/en-us/security/sdl/security-bug-bar-sample
References
- https://mslearningcampus.com/