📄️ 001: Design permissions and access
Overview
📄️ 002: Discover servers/infra for build/deploy code
Overview
📄️ 003: Harden servers/infra for build/deploy code
Overview
📄️ 004: Define Developer Workstation Policies
Overview
📄️ 005: Implement Defender for Servers to continuously monitor
Overview
📄️ 006: Harden target infra (Defender for Cloud)
Overview
📄️ 007: Define developer access policies using Access Packages
Overview
📄️ 008: Implement access and PIM (JIT/JEA) policies for developers
Overview
📄️ 009: Define Governance Approach for Groups with DevSecOps privileges
Overview
📄️ 010: Discover existing GitHub Accounts and permissions
Overview
📄️ 011: Integrate GitHub with Entra ID
Overview
📄️ 012: Remediate non-Entra ID accounts and assignments
Overview
📄️ 013: Discover, review and adjust permissions based on role
Overview
📄️ 014: Create process to periodically review unused/stale credentials
Overview
📄️ 015: Design code publishing approach
Overview
📄️ 016: Configure publishing approach for deploying to Azure
Overview
📄️ 017: Define developer access to Azure as needed
Overview
📄️ 018: Design organization security and analysis settings
Overview
📄️ 019: Decide if default or advanced custom setup for CodeQL
Overview
📄️ 020: Deploy GitHub Advanced Security - CodeQL
Overview
📄️ 021: Deploy GitHub Secret Scanning
Overview
📄️ 022: Specify configuration settings for Dependabot
Overview
📄️ 023: Integrate with Defender for DevOps
Overview
📄️ 024: Triage results and remediate
Overview
📄️ 025: Deploy GitHub Advanced Security - Dependabot
Overview
📄️ 026: Evaluate SAST and DAST tools (3P)
Overview
📄️ 027: Discover existing ADO accounts and permissions
Overview
📄️ 028: Remediate non-Entra ID accounts and assignments
Overview
📄️ 029: Integrate Entra ID to ADO
Overview
📄️ 030: Discover, review and adjust permissions based on role
Overview
📄️ 031: Set up Service Connections to deploy to Azure
Overview
📄️ 032: Design code publishing approach
Overview
📄️ 033: Configure publishing approach for deploying to Azure
Overview
📄️ 034: Deploy GitHub Advanced Security for Azure DevOps
Overview
📄️ 035: Integrate with Defender for DevOps
Overview
📄️ 036: Triage results and remediate
Overview
📄️ 037: Evaluate Dynamic Scanning (3P)
Overview