Hi all, today in this post I'm gonna talk about "Implementing Security to your DevOps Pipeline using VSTS and White Source Bolt (DevSecOps)".

As we all know the trends that we are seeing out in the market, lot of buzz words are being heard and DevOps being 1 of them . People are adopting the process to deliver high value to their customers. As the definition goes "DevOps is the union of People, Process and Products to enable Continuous Delivery of value to our end users". While adopting the DevOps, it's not about going fast but also to look that you don't fall off a cliff. It's great to go fast but also check out for the security even before your code moves to the deployment environments. Implementing security is a big concern and a challenge as well. For example checking the vulnerable open source components, outdated libraries, license compliance issues  if any etc.

 

 

 

With Visual Studio Team Services, we can implement security to our DevOps pipeline using WhiteSource extensions as part of the build process. This ensures that if there are any vulnerabilities with the code, or the libraries that are being used, it detects and gives a catalogue where you can go and have a fix first and then safely push your code to the desired environments making sure that you are secured enough to go and deliver value to your end users without any security complaints.

 

Stay tuned for more information on setting up the pipeline....!