DevOpspertise

Everything related to DevOps and the cloud.

Software Bill of Materials (SBOM) Reporting

We can track dependencies, libraries, open source components and licenses that are present in the environment by integrating SBOM generation into our build pipelines.

Open Worldwide Application Security Project (OWASP) Dependency-Check

We integrate OWASP Dependency-Check into an Azure pipeline without the use of a marketplace extension.

Open Worldwide Application Security Project (OWASP) Zed Attack Proxy (ZAP) Automated Penetration Testing

We'll delve into setting up an Azure pipeline to integrate OWASP ZAP scans into your development process, improving the security of your web applications.

Azure Pipelines – Network Security Group Backup

In some cases it could make sense to use some automated mechanism to export the NSGs on a regular basis for tracking/backup purposes. This blog will show you how to perform such a task.

Microsoft Azure – Deploy Resource Locks Using Policy

In this post we'll cover the automated creation of resource locks for specific resources using Azure Policy.

Microsoft Azure – Explore Policy

Azure Policy keeps track of compliance for your Azure resources based on policy definitions you assign. In this blog post we will cover the fundamentals.

Microsoft Azure – Application Security Groups

Application Security Groups (ASG) provide a mechanism to simplify networking rules of your Virtual Machines (VM) by logically grouping them rather than managing them using their explicit IP addresses and subnets.

Azure DevOps – Pipeline Security Tools (DevSecOps)

With everyone moving to a DevOps and Agile mentality, it is more important than ever to implement security checks and scans into your DevOps pipelines. In this post I will go through several tools and scenarios which I have tested and used.

Microsoft Azure – Security Center Just-in-time Deep Dive

Just-in-time (JIT) is used to secure inbound traffic to your Azure Virtual Machines, reducing exposure to attacks while providing an easy-to-use mechanism to connect to Virtual Machines (VM) when required.