freundcloud

Configure the Microsoft Security DevOps Azure DevOps extension

Microsoft Security DevOps is a command line application that integrates static analysis tools into the development lifecycle. Microsoft Security DevOps installs, configures, and runs the latest versions of static analysis tools (including, but not limited to, SDL/security and compliance tools). Microsoft Security DevOps is data-driven with portable configurations that enable deterministic execution across multiple environments.

Microsoft Security DevOps uses the following Open Source tools:

| Name | Language | License |
| --- | --- | --- |
| AntiMalware | AntiMalware protection in Windows from Microsoft Defender for Endpoint, that scans for malware and breaks the build if malware has been found. This tool scans by default on windows-latest agent. | Not Open Source |
| Bandit | Python | Apache License 2.0 |
| BinSkim | Binary–Windows, ELF | MIT License |
| Credscan | Credential Scanner (also known as CredScan) is a tool developed and maintained by Microsoft to identify credential leaks such as those in source code and configuration files. Common types: default passwords, SQL connection strings, certificates with private keys. | Not Open Source |
| ESLint | JavaScript | MIT License |
| Template Analyzer | ARM template, Bicep file | MIT License |
| Terrascan | Terraform (HCL2), Kubernetes (JSON/YAML), Helm v3, Kustomize, Dockerfiles, Cloud Formation | Apache License 2.0 |
| Trivy | container images, file systems, git repositories | Apache License 2.0 |

```yaml
# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
trigger: none
pool:
  vmImage: 'windows-latest'
steps:
- task: MicrosoftSecurityDevOps@1
  displayName: 'Microsoft Security DevOps'
```