Microsoft DevOps Security in Defender for Cloud for Azure DevOps
Overview
Last year, Microsoft introduced a new service in Defender for Cloud called Microsoft DevOps Security. This service is a part of the Azure Defender for Cloud suite, designed to help secure DevOps pipelines and detect suspicious activity.
In this blog post, I will show you how to set up Microsoft DevOps Security in Defender for Cloud and how to use it to monitor your Azure DevOps pipelines.
On the Azure DevOps side, the scanning itself is done by the Microsoft Security DevOps Marketplace extension. I will also install a second extension, SARIF SAST Scans Tab, to view the results of the MSDO analyzer scans directly on the Azure DevOps pipeline runs. It reads the SARIF files from the CodeAnalysisLogs artifact directory and displays them as source annotations.
Microsoft Security DevOps
Microsoft Security DevOps (MSDO) is a command-line application that integrates static analysis tools for security and compliance into the development cycle. It is data-driven, with portable configurations that enable deterministic execution across multiple environments. MSDO installs, configures and runs the latest versions of the static analysis tools for you. On Azure DevOps, the results the MSDO toolkit produces can be shown on each pipeline run under a Scans tab by using the SARIF SAST Scans Tab extension.
The MSDO is a central system that, as part of Microsoft Defender for Cloud, provides your security teams DevOps insights across multi-pipeline environments, such as GitHub and Azure DevOps.
Some of the most common MSDO tools are:
- Trivy - Vulnerability scanner for containers, suitable for CI
- Terrascan - Open-source static code analyzer for infrastructure as code, to help write secure IaC code
- Credscan - Detects credentials in source code
- Template Analyzer - Checks Azure Resource Manager templates for security and best practices
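As an added example (not code from the original post, nor Microsoft's own sample), here is a minimal Azure DevOps YAML pipeline that runs the MSDO task and publishes its SARIF output to the CodeAnalysisLogs artifact that the SARIF SAST Scans Tab extension reads. The task name MicrosoftSecurityDevOps@1 and the inputs tools, break, publish and artifactName are taken from the Marketplace extension's task schema as I know it and should be confirmed against the task picker in your own organization.

```yaml
# Added example pipeline: run MSDO on every push to main and publish the
# SARIF results so the SARIF SAST Scans Tab can render them on the run.
trigger:
  - main

pool:
  vmImage: 'windows-latest'

steps:
  # Task provided by the Microsoft Security DevOps Marketplace extension.
  # The input names below are assumed from the extension's task schema;
  # verify them in your organization's task picker before relying on them.
  - task: MicrosoftSecurityDevOps@1
    displayName: 'Run Microsoft Security DevOps analyzers'
    inputs:
      # Limit the run to the analyzers discussed in this post.
      tools: 'trivy,terrascan,templateanalyzer'
      # Fail the job on error-level findings instead of only reporting them,
      # so a vulnerable container image or insecure template blocks the build.
      break: true
      # MSDO publishes its SARIF results to a pipeline artifact; the name is
      # set explicitly because the Scans tab looks for CodeAnalysisLogs.
      publish: true
      artifactName: 'CodeAnalysisLogs'
```

With break set to true, a run with error-level findings shows as failed in Azure DevOps while the Scans tab still lists every finding from the published SARIF files.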
Integration with Azure DevOps
To get started with Microsoft Security DevOps, we need to connect Azure DevOps to Defender for Cloud. You can do this by following the steps below:
- Log in to the Azure portal and navigate to the Defender for Cloud service.
- Select the Microsoft Security DevOps tile.
- Select Connect to Azure DevOps.
- Select the Azure DevOps organization and project you want to connect to Defender for Cloud.
- Select Connect.