AzureFunBytes Episode 54 - @GitHub integration with @Azure and shifting left

00:00:00 - Opening
00:03:17 - Let's meet Lavanya
00:05:45 - Satya commits to $20 Billion to advance security solutions
00:06:39 - So how did you get here?
00:07:26 - What do we mean by "shift-left" exactly?
00:11:00 - A DevSecOps data flow
00:21:26 - Value proposition
00:23:03 - Security Scenarios
00:24:52 - Personas in our organization
00:27:47 - Public Preview Release
00:30:42 - Azure Security Center Demo
00:34:06 - GitHub Actions workflow and security scanning
00:37:41 - Let's look at the build logs
00:42:30 - Reviewing scan results
00:46:45 - Recommendations and score
00:49:44 - Azure Defender
00:53:52 - What's your biggest challenge with the ASC product today?

Security is not an option when deploying applications. Considerations into what keeps your users safe must be part of your software delivery lifecycle. Whether it's adding correct firewalls rules to a server or knowing your npm package dependencies don't have cryptocurrency miners, you must always take steps to further your security posture. There's no reason to wait till after deployment to consider security, if we begin the process of securing, scanning, and shifting left we can greatly reduce our potential for intrusions.

What do I mean by shifting left? The goal for shifting left is to move quality upstream by performing testing tasks earlier in the pipeline. Rather than play catch-up after a potential security incident, developers can take reduce their exposure to troublesome incidents by utilizing DevSecOps practices.

What is DevSecOps? Azure's DevOps solutions page defines it as:

DevSecOps involves utilizing security best practices from the beginning of development, shifting the focus on security away from auditing at the end and towards development in the beginning using a shift-left strategy.

This week on AzureFunBytes I welcome Lavanya Kasarbada to help me understand how DevSecOps can create a better environment for your applications. Lavanya Kasarabada is a Senior Program Manager with the Azure Security Team. She works on Container and Serverless Security!

Lavanya plans on covering how to secure your container workloads. She'll discuss how the GitHub integration with Azure will provide end-to-end traceability and visibility into shift-left security assessments.

Our planned agenda includes:

Enabling Defender for Containers
Enabling and configuring Vulnerability scanning in GitHub workflow
Viewing detailed results in Azure Security Center
We'll dive into how all the parts fit together this week, take your questions, and learn to shift-left on Azure.

Learn about Azure fundamentals with me!

Live stream is normally found on Twitch, YouTube, and LearnTV at 11 AM PT / 2 PM ET Thursday. You can also find the recordings here as well:

AzureFunBytes on Twitch - https://twitch.tv/azurefunbytes
AzureFunBytes on YouTube - https://aka.ms/jaygordononyoutube
Azure DevOps YouTube Channel - https://www.youtube.com/channel/UC-ikyViYMM69joIAv7dlMsA
Follow AzureFunBytes on Twitter - https://twitter.com/azurefunbytes

Get $200 in free Azure Credit - https://cda.ms/219
Microsoft Learn: Introduction to Azure fundamentals - https://cda.ms/243
DevSecOps - https://cda.ms/2s6
Enable DevSecOps with Azure and GitHub - https://cda.ms/2s7
DevOps solutions on Azure - https://cda.ms/2s8
DevSecOps in Azure - https://cda.ms/2s9
Shift left to make testing fast and reliable - https://cda.ms/2sb
Azure Security Center integration with GitHub Actions, in public preview - https://cda.ms/2sc
Azure Security Center - https://cda.ms/2sd
Identify vulnerable container images in your CI/CD workflows
- https://cda.ms/2sK
Use Azure Defender for container registries to scan your images for vulnerabilities - https://cda.ms/2sJa
Scaling DevSecOps with GitHub and Azure - https://cda.ms/2sM

Видео AzureFunBytes Episode 54 - @GitHub integration with @Azure and shifting left канала Jay Gordon