Adding security to VSTS pipeline

Track: DevSecOps
When: Tue PM-3
Where: DevSecCon
Organizers Tanya Janca Tanya Janca
Participants Gabor Pek Gabor Pek , Imran Mohammed A Imran Mohammed A , Pedro Laguna Pedro Laguna , Vasil Buraliev Vasil Buraliev
Remote Participants Madhu Akula Madhu Akula , Sophie Tonnoir Sophie Tonnoir

The OWASP DevSlop VSTS pipeline, affectionately known as “Patty”, needs to produce the absolute most secure code possible, as it is used to release DevSlop.co (our website), it is a proof of concept pipeline. Come help us improve the security of this proof of concept but hacking it and helping us add more checks!

WHY

Adding more security to this pipeline means that companies everywhere that use VSTS can adopt this proof of concept internally, adjust it for their specific needs, and starting making more secure apps, very quickly. It will be exported in JSON format, which can be imported into VSTS.

What

Security review, config and testing in the in Visual Studio Team Server pipeline.

Outcomes

Outcomes: More secure apps for everyone, everywhere! :) A free proof of concept that IT shops can adopt to start their DevOps processes, that includes security. Lessons and documentation will follow.

Register as participant

To register as participant add Adding security to VSTS pipeline to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page


Back to list of all Working Sessions