Azure Pipelines Generator

Create secure Azure DevOps pipelines with integrated security scanning and best practices.

What is Azure Pipelines?

Azure Pipelines is a cloud service that automatically builds and tests your code project and makes it available to other users. It works with just about any language or project type and integrates with Azure DevOps, GitHub, and other version control systems.

Security Features

Microsoft Security Code Analysis

Integrate Microsoft Security Code Analysis (MSCA) to scan your code for security vulnerabilities.

WhiteSource Bolt

Scan your open source components for security vulnerabilities and license compliance issues.

SonarCloud Integration

Integrate SonarCloud to perform static code analysis and identify code quality issues.

OWASP ZAP Scanning

Perform dynamic application security testing using OWASP ZAP to identify vulnerabilities in your web applications.

Sample Pipeline

trigger:
- main

pool:
  vmImage: 'ubuntu-latest'

stages:
- stage: Build
  jobs:
  - job: BuildAndTest
    steps:
    - task: NodeTool@0
      inputs:
        versionSpec: '18.x'
      displayName: 'Install Node.js'

    - script: |
        npm install
        npm run build
      displayName: 'npm install and build'

    - task: WhiteSource@21
      inputs:
        cwd: '$(System.DefaultWorkingDirectory)'
        projectName: '$(Build.Repository.Name)'
      displayName: 'Run WhiteSource Bolt'

    - task: SonarCloudPrepare@1
      inputs:
        SonarCloud: 'SonarCloud'
        organization: 'your-organization'
        scannerMode: 'CLI'
        configMode: 'manual'
        cliProjectKey: 'your-project-key'
        cliProjectName: 'Your Project Name'
      displayName: 'Prepare SonarCloud analysis'

    - script: |
        npm test
      displayName: 'Run tests'

    - task: SonarCloudAnalyze@1
      displayName: 'Run SonarCloud analysis'

    - task: SonarCloudPublish@1
      inputs:
        pollingTimeoutSec: '300'
      displayName: 'Publish SonarCloud results'

    - task: SnykSecurityScan@1
      inputs:
        serviceConnectionEndpoint: 'Snyk'
        testType: 'app'
        severityThreshold: 'high'
        monitorWhen: 'always'
      displayName: 'Run Snyk Security Scan'

    - task: PublishTestResults@2
      inputs:
        testResultsFormat: 'JUnit'
        testResultsFiles: '**/junit.xml'
        mergeTestResults: true
      displayName: 'Publish test results'

    - task: PublishCodeCoverageResults@1
      inputs:
        codeCoverageTool: 'Cobertura'
        summaryFileLocation: '$(System.DefaultWorkingDirectory)/coverage/cobertura-coverage.xml'
      displayName: 'Publish code coverage'

- stage: Security
  dependsOn: Build
  jobs:
  - job: SecurityScans
    steps:
    - task: Docker@2
      inputs:
        command: 'build'
        Dockerfile: '**/Dockerfile'
        tags: 'latest'
      displayName: 'Build Docker image'

    - script: |
        # zap-baseline.py exits 0 on pass, 1 if any rule WARNs, 2 on FAIL and 3 on error;
        # with a generated gen.conf every rule WARNs, so any finding fails this step
        docker run --rm -v $(pwd):/zap/wrk owasp/zap2docker-stable zap-baseline.py -t https://your-app-url -g gen.conf -r zap-report.html
      displayName: 'Run OWASP ZAP Scan'

    - task: PublishBuildArtifacts@1
      inputs:
        pathtoPublish: 'zap-report.html'
        artifactName: 'ZAPReport'
      displayName: 'Publish ZAP Report'
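
The sample pipeline publishes the ZAP report but does not gate the run on its contents. The following is an added Python example (not the generator's own code) that reads the JSON report zap-baseline.py writes with its -J option and fails the run when any alert reaches a chosen risk level; the report shape (site[].alerts[].riskcode) and the sample alerts below are assumptions constructed for the example.

```python
"""Gate a pipeline run on the OWASP ZAP baseline JSON report (zap-baseline.py -J).
Assumed shape (ZAP traditional JSON): {"site": [{"alerts": [{"riskcode": "0".."3"}]}]}."""
import json
import sys

RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample, shaped like a baseline (passive-only) scan of the sample app URL.
SAMPLE_REPORT = json.dumps({
    "@version": "2.14.0",
    "site": [{
        "@name": "https://your-app-url",
        "alerts": [
            {"pluginid": "10038", "name": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "confidence": "3", "count": "4"},
            {"pluginid": "10020", "name": "Missing Anti-clickjacking Header",
             "riskcode": "2", "confidence": "2", "count": "4"},
            {"pluginid": "10021", "name": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "confidence": "2", "count": "4"},
        ],
    }],
})

def alerts(report_json: str):
    """Yield (risk_level, alert_name) for every alert across all scanned sites."""
    for site in json.loads(report_json).get("site", []):
        for alert in site.get("alerts", []):
            yield int(alert.get("riskcode", 0)), alert.get("name", alert.get("alert", "?"))

def count_by_risk(report_json: str) -> dict:
    """Distinct alerts per risk level, e.g. {'Informational': 0, 'Low': 1, 'Medium': 2, 'High': 0}."""
    counts = {name: 0 for name in RISK_NAMES.values()}
    for risk, _ in alerts(report_json):
        counts[RISK_NAMES.get(risk, "Informational")] += 1
    return counts

def gate(report_json: str, fail_on: str = "High") -> bool:
    """True if the build may proceed: no alert at or above the fail_on risk level."""
    threshold = {name: code for code, name in RISK_NAMES.items()}[fail_on]
    blocking = [name for risk, name in alerts(report_json) if risk >= threshold]
    for name in blocking:  # ##vso logging command surfaces the finding in the run summary
        print(f"##vso[task.logissue type=error]ZAP {fail_on}+ finding: {name}")
    return not blocking

if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    print(count_by_risk(data))
    sys.exit(0 if gate(data, "Medium") else 1)
```

Run it as a script step after the ZAP step with the report path as its argument (add -J zap-report.json to the zap-baseline.py command); a non-zero exit fails the stage and the logged issues appear in the run summary.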

Getting Started

  1. Create a new pipeline in your Azure DevOps project
  2. Configure your pipeline using our generator to include the security scans you need
  3. Set up service connections in your Azure DevOps project settings for any external services like SonarCloud or Snyk
  4. Save and run your pipeline to start the build and security scanning process
  5. Review security findings in the pipeline results and address any issues