Adding security to VSTS pipeline

Track: DevSecOps
When: Tue PM-3
Where: DevSecCon
Organizers Tanya Janca Tanya Janca
Participants Gabor Pek Gabor Pek , Imran Mohammed A Imran Mohammed A , Pedro Laguna Pedro Laguna , Vasil Buraliev Vasil Buraliev
Remote Participants Madhu Akula Madhu Akula , Sophie Tonnoir Sophie Tonnoir

The OWASP DevSlop VSTS pipeline, affectionately known as “Patty”, needs to produce the absolute most secure code possible, as it is used to release (our website), it is a proof of concept pipeline. Come help us improve the security of this proof of concept but hacking it and helping us add more checks!


Adding more security to this pipeline means that companies everywhere that use VSTS can adopt this proof of concept internally, adjust it for their specific needs, and starting making more secure apps, very quickly. It will be exported in JSON format, which can be imported into VSTS.


Security review, config and testing in the in Visual Studio Team Server pipeline.


Outcomes: More secure apps for everyone, everywhere! :) A free proof of concept that IT shops can adopt to start their DevOps processes, that includes security. Lessons and documentation will follow.

Register as participant

To register as participant add Adding security to VSTS pipeline to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page

Back to list of all Working Sessions