Top Stories from the Microsoft DevOps Community – 2019.08.02
If software is eating the world, YAML is eating CI/CD pipelines, and for a good reason! Who doesn’t want the ability to version their pipeline, keep it in source control and easily reuse it for similar applications?
In this week’s community posts, we learn more about YAML pipelines’ capabilities and additional security and compliance tool integrations. I am excited about what the community will do next week with all the new features we released in sprint 155!
Incorporating Snyk into Continuous Integration with Azure Yaml Pipelines
Security is becoming more and more central to software development, as hackers leverage known package vulnerabilities to breach major companies and even governments. It is recommended to shift security left in your CI/CD pipelines, and take advantage of the latest package vulnerability scanning tools. This post from Jason Penniman is an introduction to integrating Snyk, a vulnerability monitoring tool for open source packages, into your Azure Pipeline.
Azure DevOps and Telerik NuGet Packages
Speaking of package security, it is recommended to only consume software packages from known sources. Are you using Azure Pipelines with a private NuGet feed? This great article from Lance McCarthy has a detailed walkthrough of setting up the Telerik NuGet server as a package source in Azure DevOps using two different approaches – either by creating a Service Connection and a custom NuGet.config file, or by setting up a custom NuGet feed in Azure Artifacts. Thank you, Lance, for putting this guide together!
Getting started with Azure DevOps job and step Templates – Part 1
Just like any other software, pipelines are all about code reuse. In YAML, once you start copying over blocks of code, you know that will eventually introduce configuration drift. Luckily there is a solution – YAML Job and Step templates! This post by Barbara Forbes shows how to create a reusable YAML template for the repetitive steps you do in multiple pipelines. Thank you, Barbara, for this example use case!
Reap What You Sow II – IaC, Terraform, & Azure DevOps – Now With YAML
This post is chapter two of infrastructure-as-code with Azure Pipelines, in which Napoleon Jones walks us through his journey of trying YAML for the first time and converting the Terraform pipeline from the previous post into the new multi-stage YAML pipeline. Sounds like YAML turned out to be friendlier than expected! Great job, Napoleon!
DevSecOps: Policy-as-code with Azure Pipelines
To expand on the topic of security and compliance, Azure Policy is an important tool that allows you to verify that your Azure resources comply with your company requirements, such as networking restrictions, geographic locations, VM SKUs and more. This article by Vishal Jain shows how to deploy Azure Policy using Azure Pipelines, and even add a Policy Compliance gate to your deployment.
If you’ve written an article about Azure DevOps or found some great content about DevOps on Azure, please share it with the #AzureDevOps hashtag on Twitter!