Azure Advanced Security — DevOps

Always learning
6 min read · Mar 30, 2024

Azure Advanced Security from Servent helps organisations address the challenges of securing their hybrid infrastructure and data, whilst meeting the growing demands of a rapidly changing threat landscape, by utilising Azure security capabilities to build a multi-layered, secure foundation.

For Azure Advanced Security we adopt a three-phase approach, as shown below.

  1. Assess
  2. Enable
  3. Protect

We will analyse and review your organization's current security capabilities, posture and licence coverage (or gaps), and develop a roadmap to deliver solutions in line with your security aspirations.

We will work with your teams to deploy and configure, in a cost-effective manner, the Defender services relevant to your security requirements, ensuring that all agents/extensions, data connectors, etc.,

We will help you secure your environment by evaluating, risk-assessing and remediating the alerts and incidents generated by the Defender products, and work with you to identify opportunities for automation.

A network consists of two or more computers that are linked in order to share resources.

DevSecOps is the practice of integrating security testing at every stage of the software development process.

Data security is the practice of protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle.

Infrastructure as code (IaC) is the ability to provision and support your computing infrastructure using code instead of manual processes and settings. Any application environment requires many infrastructure components like operating systems, database connections, and storage.

A data pipeline is a set of tools and processes used to automate the movement and transformation of data between a source system and a target repository.

A continuous integration and continuous deployment (CI/CD) pipeline is a series of steps that must be performed in order to deliver a new version of software. CI/CD pipelines are a practice focused on improving software delivery throughout the software development life cycle via automation.

Infrastructure provisioning

Infrastructure Provisioning is the process of creating and setting up IT infrastructure, and includes the steps required to manage user and system access to various resources.

Refer to the previous blog for the pipeline code.

Go to Azure Portal → Cloud Shell → enter the commands below.

```shell
# Resource group, AKS cluster, container registry and SQL database used by the demo pipeline
az group create --name day12-demo-rg --location westus

az aks create --resource-group day12-demo-rg --name day12-demo-cluster --enable-addons monitoring --generate-ssh-keys --location westus

az acr create --resource-group day12-demo-rg --name day12demoacrs --sku Standard --location westus

# Grant the cluster pull access to the registry
az aks update -n day12-demo-cluster -g day12-demo-rg --attach-acr day12demoacrs

# The admin password here is the post's demo value; passed on the command line it is
# recorded in shell history, so use a generated value held in a variable for real deployments
az sql server create -l westus -g day12-demo-rg -n day12-demo1-sqlserver -u sqladmin -p P2ssw0rd1234

az sql db create -g day12-demo-rg -s day12-demo1-sqlserver -n mhcdb --service-objective S0
```

All resources are now created. On the SQL server, allow access in the firewall settings so the pipeline can reach it.

Update the service connections in the pipeline settings accordingly.

Let's go to the Azure Repo and enable Advanced Security.

Block secrets on push automatically checks any incoming push for embedded secrets and rejects it.

A project administrator is responsible for various administrative duties surrounding a project. These duties may include documentation, meeting management, handling the project budget, and using time management skills to help the team stay on track.

Dependency Scanning can automatically find security vulnerabilities in your software dependencies while you're developing and testing your applications. Add the following two tasks to the pipeline:

  1. Advanced Security Dependency Scanning
  2. Advanced Security Publish Results

Publish the results means a written notice by the secretary provided to the complainant and respondent that there has been no violation and the complaint has been dismissed.

Save the changes and run the pipeline.

Vulnerability means having a weakness that can be exploited, and we all have them, potentially lots of them.

Go to Azure Repos → Advanced Security → Dependencies.

A lot of vulnerabilities are found.

Click any one vulnerability to see its details.

Secret scanning involves scanning code repositories and other data sources for sensitive information, such as passwords and access keys.

No secrets have been detected in the code yet.

Let's add a secret and see how it works.

Read more: Secret Scanning

Keys (the configuration fragment committed to trigger secret scanning)

```json
"DefaultAdminUsername": "Admin",
"DefaultAdminPassword": "bFqfTmBE/ravWMlkEZCz7Hkl7VJcFXCagX9Boy/amvv9QK0pytSSJx1vp/vAsyvFbvWIGDodZcQV+AStmq+94A==",
```

Secret scanning finds the secret.

Replace Tokens is an Azure DevOps extension that replaces tokens in code files with variable values (which can be configured in the Pipelines Library) during execution of the CI/CD process.

Variable groups store values and secrets that you might want to be passed into a YAML pipeline or make available across multiple pipelines.

Secure files are encrypted and can only be used when you consume them from a task. Secure files are a protected resource.

You can add approvals and checks to them and set pipeline permissions. Secure files can also use the Library security model. The size limit for each secure file is 10 MB. Add the secure files.

Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, (or) cryptographic keys.

The Key Vault service supports two types of containers → vaults and managed hardware security module (HSM) pools.
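As an added example (not from the original post), this is how the hard-coded credential found above can be replaced with a Replace Tokens placeholder that the pipeline fills from Key Vault at run time. The vault, variable group and service connection names are assumed, and the task inputs follow the Replace Tokens v6 and AzureKeyVault v2 task schemas.

```yaml
# Added example, not the post's pipeline. The appsettings.json committed to the repo
# now carries only tokens, so secret scanning and "block secrets on push" have nothing
# to flag:
#   "DefaultAdminUsername": "#{DefaultAdminUsername}#",
#   "DefaultAdminPassword": "#{DefaultAdminPassword}#",

variables:
- group: day12-demo-secrets          # assumed variable group (can be linked to Key Vault)

steps:
# Load the two secrets from Key Vault (assumed vault name) into pipeline variables.
# Values are masked in logs and never stored in the repository.
- task: AzureKeyVault@2
  displayName: 'Fetch admin credentials from Key Vault'
  inputs:
    azureSubscription: 'day12-demo-service-connection'   # assumed service connection
    KeyVaultName: 'day12-demo-kv'                         # assumed vault name
    SecretsFilter: 'DefaultAdminUsername,DefaultAdminPassword'
    RunAsPreJob: false

# Replace the #{...}# tokens with the variables loaded above. Logging a missing
# variable as an error fails the run, so a config with an empty password never ships.
- task: replacetokens@6
  displayName: 'Inject credentials into appsettings.json'
  inputs:
    sources: '**/appsettings.json'
    tokenPattern: 'default'
    missingVarLog: 'error'
```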

Add another task → Advanced Security Initialize CodeQL

CodeQL is the code analysis engine developed by GitHub to automate security checks. You can analyze your code using CodeQL and display the results as code scanning alerts.

Add one more task → Advanced Security Perform CodeQL Analysis

Code scanning examines code and looks for bugs and security flaws. Any issues found are displayed by the system, enabling you to address them quickly and enhance the security of your application.
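As an added example rather than the post's own pipeline, the YAML below wires the four Advanced Security tasks added above (dependency scanning, CodeQL initialize, CodeQL analyze and publish results) into a single job; the application language and build command are assumed.

```yaml
# Added example, not the post's pipeline. Task names are the Advanced Security
# pipeline tasks; the project is assumed to be a .NET application.
trigger:
- main

pool:
  vmImage: 'ubuntu-latest'

steps:
# 1. Initialize CodeQL before the build so compiler invocations are traced into
#    the CodeQL database. 'security-extended' runs more security queries than the default.
- task: AdvancedSecurity-Codeql-Init@1
  displayName: 'Advanced Security Initialize CodeQL'
  inputs:
    languages: 'csharp'
    querysuite: 'security-extended'

# 2. Build the application (assumed command); CodeQL observes this step.
- script: dotnet build --configuration Release
  displayName: 'Build'

# 3. Dependency scanning: reports known-vulnerable packages in the restored dependencies.
- task: AdvancedSecurity-Dependency-Scanning@1
  displayName: 'Advanced Security Dependency Scanning'

# 4. Run the CodeQL queries against the database produced during the build.
- task: AdvancedSecurity-Codeql-Analyze@1
  displayName: 'Advanced Security Perform CodeQL Analysis'

# 5. Publish all results so they appear under Repos → Advanced Security.
#    Keep this as the last security task so both scans' results are included.
- task: AdvancedSecurity-Publish@1
  displayName: 'Advanced Security Publish Results'
```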

Vulnerabilities and security threats are listed here.

Read more: Code Security

Thank you 🙏 for taking the time to read our blog.
