How to integrate AzSK in VSTS CI-Build
Am working on Secure DevOps Kit for Azure(AzSK) using VSTS CI&CD. For working AzSK in VSTS there were two tasks named "AzSK ARM Templete Checker" and "Secure DevOps Kit(AzSK) CICD Extensions for Azure" which are available from Market place. But, here am unable to access "Secure DevOps Kit(AzSK) CICD Extensions for Azure" task after adding both to my organisation. Is there any extension/install additional tasks to add them for accessing it?
Please suggest me to "How to add it to my CI-Build Definition"
azure security azure-pipelines azure-pipelines-release-pipeline asked Sep 11 '18 at 5:47
ManiMani
214115
add a comment |
Am working on Secure DevOps Kit for Azure(AzSK) using VSTS CI&CD. For working AzSK in VSTS there were two tasks named "AzSK ARM Templete Checker" and "Secure DevOps Kit(AzSK) CICD Extensions for Azure" which are available from Market place. But, here am unable to access "Secure DevOps Kit(AzSK) CICD Extensions for Azure" task after adding both to my organisation. Is there any extension/install additional tasks to add them for accessing it?
Please suggest me to "How to add it to my CI-Build Definition"
azure security azure-pipelines azure-pipelines-release-pipeline asked Sep 11 '18 at 5:47
ManiMani
214115
What's that mean for "here am unable to access "Secure DevOps Kit(AzSK) CICD Extensions for Azure" task"?
– Andy Li-MSFT
Sep 11 '18 at 8:38
I want to work with Secure DevOps Kit(AzSK) CICD Extensions for Azure task
– Mani
Sep 11 '18 at 9:39
add a comment |
Am working on Secure DevOps Kit for Azure(AzSK) using VSTS CI&CD. For working AzSK in VSTS there were two tasks named "AzSK ARM Templete Checker" and "Secure DevOps Kit(AzSK) CICD Extensions for Azure" which are available from Market place. But, here am unable to access "Secure DevOps Kit(AzSK) CICD Extensions for Azure" task after adding both to my organisation. Is there any extension/install additional tasks to add them for accessing it?
Please suggest me to "How to add it to my CI-Build Definition"
azure security azure-pipelines azure-pipelines-release-pipeline asked Sep 11 '18 at 5:47
ManiMani
214115
Am working on Secure DevOps Kit for Azure(AzSK) using VSTS CI&CD. For working AzSK in VSTS there were two tasks named "AzSK ARM Templete Checker" and "Secure DevOps Kit(AzSK) CICD Extensions for Azure" which are available from Market place. But, here am unable to access "Secure DevOps Kit(AzSK) CICD Extensions for Azure" task after adding both to my organisation. Is there any extension/install additional tasks to add them for accessing it?
Please suggest me to "How to add it to my CI-Build Definition"
azure security azure-pipelines azure-pipelines-release-pipeline azure security azure-pipelines azure-pipelines-release-pipeline asked Sep 11 '18 at 5:47
ManiMani
214115
asked Sep 11 '18 at 5:47
ManiMani
214115
asked Sep 11 '18 at 5:47
ManiMani
214115
asked Sep 11 '18 at 5:47
ManiMani
214115
asked Sep 11 '18 at 5:47
ManiMani
214115
214115
What's that mean for "here am unable to access "Secure DevOps Kit(AzSK) CICD Extensions for Azure" task"?
– Andy Li-MSFT
Sep 11 '18 at 8:38
I want to work with Secure DevOps Kit(AzSK) CICD Extensions for Azure task
– Mani
Sep 11 '18 at 9:39
add a comment |
What's that mean for "here am unable to access "Secure DevOps Kit(AzSK) CICD Extensions for Azure" task"?
– Andy Li-MSFT
Sep 11 '18 at 8:38
I want to work with Secure DevOps Kit(AzSK) CICD Extensions for Azure task
– Mani
Sep 11 '18 at 9:39
What's that mean for "
here am unable to access "Secure DevOps Kit(AzSK) CICD Extensions for Azure" task "?– Andy Li-MSFT
Sep 11 '18 at 8:38
What's that mean for "
here am unable to access "Secure DevOps Kit(AzSK) CICD Extensions for Azure" task "?– Andy Li-MSFT
Sep 11 '18 at 8:38
I want to work with Secure DevOps Kit(AzSK) CICD Extensions for Azure task
– Mani
Sep 11 '18 at 9:39
I want to work with Secure DevOps Kit(AzSK) CICD Extensions for Azure task
– Mani
Sep 11 '18 at 9:39
add a comment |
2 Answers
2
active
oldest
votes
Based on the screenshot, you have installed the extension.
Secure DevOps Kit(AzSK) CICD Extensions for Azure is just the name of the extension. And the real task is AzSK ARM Template Checker.
So, you just need to add the AzSK ARM Template Checker task under test hub.
UPDATE:
Well, please note that another AzSK_SVT task (AzSK Security Verification Tests) is available in 'Release' pipeline tasks only.
So to use it you need to create a release pipeline,... then add the AzSK_SVT task from Test category. Please see Security Verification Tests (SVTs) for details.
answered Sep 11 '18 at 8:44
Andy Li-MSFTAndy Li-MSFT
17.6k1922
Thank you for your reply @Andy. According to link(extension) which you are shared me is showing that "It consists of two tasks" in which one indicates ARM Templates and another indicates about the Applications. Here i want work with Applications not ARM Templates
– Mani
Sep 11 '18 at 9:48
@Mani Well, please note that another AzSK_SVT task (AzSK Security Verification Tests) is available in 'Release' pipeline tasks only. So, to use it you need to create a release pipeline,... then add the AzSK_SVT task accordingly. See the updated answer...
– Andy Li-MSFT
Sep 12 '18 at 9:15
sorry for late response.It's working fine for only few verification Tests only. I think, it is still in preview and Is there any chance to do AzSK_SVT task for Hosted Linux Agent
– Mani
Sep 19 '18 at 12:41
@Mani No chance to check that. Have you tried the task on Hosted Linux Agent, Does it not work?
– Andy Li-MSFT
Sep 20 '18 at 1:50
@Mani If the answer resolved your original issue, please Accept it as an Answer, This can be beneficial to other community members reading this thread.
– Andy Li-MSFT
Oct 5 '18 at 1:28
|
show 1 more comment
First of all I am sorry to ask you a question not relative to your question.
(as it seems that your question is already anwered :) )
I am using the same task in my relaese pipeline and I am trying to add custom checks because the default checks this task is doing is not good enough for me.
This tutorial is really helpfull for trying to set things up, only I seem to just get to add custom baselinecontrols for a local module and not getting it to add it in the azure devops pipeline (more info about my question .
As you are also working on the same task I was hoping that you maybe could me help me figure it out.
answered Nov 13 '18 at 11:07
achahbarachahbar
253114
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f52269401%2fhow-to-integrate-azsk-in-vsts-ci-build%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Based on the screenshot, you have installed the extension.
Secure DevOps Kit(AzSK) CICD Extensions for Azure is just the name of the extension. And the real task is AzSK ARM Template Checker.
So, you just need to add the AzSK ARM Template Checker task under test hub.
UPDATE:
Well, please note that another AzSK_SVT task (AzSK Security Verification Tests) is available in 'Release' pipeline tasks only.
So to use it you need to create a release pipeline,... then add the AzSK_SVT task from Test category. Please see Security Verification Tests (SVTs) for details.
answered Sep 11 '18 at 8:44
Andy Li-MSFTAndy Li-MSFT
17.6k1922
Thank you for your reply @Andy. According to link(extension) which you are shared me is showing that "It consists of two tasks" in which one indicates ARM Templates and another indicates about the Applications. Here i want work with Applications not ARM Templates
– Mani
Sep 11 '18 at 9:48
@Mani Well, please note that another AzSK_SVT task (AzSK Security Verification Tests) is available in 'Release' pipeline tasks only. So, to use it you need to create a release pipeline,... then add the AzSK_SVT task accordingly. See the updated answer...
– Andy Li-MSFT
Sep 12 '18 at 9:15
sorry for late response.It's working fine for only few verification Tests only. I think, it is still in preview and Is there any chance to do AzSK_SVT task for Hosted Linux Agent
– Mani
Sep 19 '18 at 12:41
@Mani No chance to check that. Have you tried the task on Hosted Linux Agent, Does it not work?
– Andy Li-MSFT
Sep 20 '18 at 1:50
@Mani If the answer resolved your original issue, please Accept it as an Answer, This can be beneficial to other community members reading this thread.
– Andy Li-MSFT
Oct 5 '18 at 1:28
|
show 1 more comment
Based on the screenshot, you have installed the extension.
Secure DevOps Kit(AzSK) CICD Extensions for Azure is just the name of the extension. And the real task is AzSK ARM Template Checker.
So, you just need to add the AzSK ARM Template Checker task under test hub.
UPDATE:
Well, please note that another AzSK_SVT task (AzSK Security Verification Tests) is available in 'Release' pipeline tasks only.
So to use it you need to create a release pipeline,... then add the AzSK_SVT task from Test category. Please see Security Verification Tests (SVTs) for details.
answered Sep 11 '18 at 8:44
Andy Li-MSFTAndy Li-MSFT
17.6k1922
Thank you for your reply @Andy. According to link(extension) which you are shared me is showing that "It consists of two tasks" in which one indicates ARM Templates and another indicates about the Applications. Here i want work with Applications not ARM Templates
– Mani
Sep 11 '18 at 9:48
@Mani Well, please note that another AzSK_SVT task (AzSK Security Verification Tests) is available in 'Release' pipeline tasks only. So, to use it you need to create a release pipeline,... then add the AzSK_SVT task accordingly. See the updated answer...
– Andy Li-MSFT
Sep 12 '18 at 9:15
sorry for late response.It's working fine for only few verification Tests only. I think, it is still in preview and Is there any chance to do AzSK_SVT task for Hosted Linux Agent
– Mani
Sep 19 '18 at 12:41
@Mani No chance to check that. Have you tried the task on Hosted Linux Agent, Does it not work?
– Andy Li-MSFT
Sep 20 '18 at 1:50
@Mani If the answer resolved your original issue, please Accept it as an Answer, This can be beneficial to other community members reading this thread.
– Andy Li-MSFT
Oct 5 '18 at 1:28
|
show 1 more comment
Based on the screenshot, you have installed the extension.
Secure DevOps Kit(AzSK) CICD Extensions for Azure is just the name of the extension. And the real task is AzSK ARM Template Checker.
So, you just need to add the AzSK ARM Template Checker task under test hub.
UPDATE:
Well, please note that another AzSK_SVT task (AzSK Security Verification Tests) is available in 'Release' pipeline tasks only.
So to use it you need to create a release pipeline,... then add the AzSK_SVT task from Test category. Please see Security Verification Tests (SVTs) for details.
answered Sep 11 '18 at 8:44
Andy Li-MSFTAndy Li-MSFT
17.6k1922
Based on the screenshot, you have installed the extension.
Secure DevOps Kit(AzSK) CICD Extensions for Azure is just the name of the extension. And the real task is AzSK ARM Template Checker.
So, you just need to add the AzSK ARM Template Checker task under test hub.
UPDATE:
Well, please note that another AzSK_SVT task (AzSK Security Verification Tests) is available in 'Release' pipeline tasks only.
So to use it you need to create a release pipeline,... then add the AzSK_SVT task from Test category. Please see Security Verification Tests (SVTs) for details.
answered Sep 11 '18 at 8:44
Andy Li-MSFTAndy Li-MSFT
17.6k1922
edited Sep 12 '18 at 9:13
answered Sep 11 '18 at 8:44
Andy Li-MSFTAndy Li-MSFT
17.6k1922
answered Sep 11 '18 at 8:44
Andy Li-MSFTAndy Li-MSFT
17.6k1922
answered Sep 11 '18 at 8:44
Andy Li-MSFTAndy Li-MSFT
17.6k1922
17.6k1922
Thank you for your reply @Andy. According to link(extension) which you are shared me is showing that "It consists of two tasks" in which one indicates ARM Templates and another indicates about the Applications. Here i want work with Applications not ARM Templates
– Mani
Sep 11 '18 at 9:48
@Mani Well, please note that another AzSK_SVT task (AzSK Security Verification Tests) is available in 'Release' pipeline tasks only. So, to use it you need to create a release pipeline,... then add the AzSK_SVT task accordingly. See the updated answer...
– Andy Li-MSFT
Sep 12 '18 at 9:15
sorry for late response.It's working fine for only few verification Tests only. I think, it is still in preview and Is there any chance to do AzSK_SVT task for Hosted Linux Agent
– Mani
Sep 19 '18 at 12:41
@Mani No chance to check that. Have you tried the task on Hosted Linux Agent, Does it not work?
– Andy Li-MSFT
Sep 20 '18 at 1:50
@Mani If the answer resolved your original issue, please Accept it as an Answer, This can be beneficial to other community members reading this thread.
– Andy Li-MSFT
Oct 5 '18 at 1:28
|
show 1 more comment
Thank you for your reply @Andy. According to link(extension) which you are shared me is showing that "It consists of two tasks" in which one indicates ARM Templates and another indicates about the Applications. Here i want work with Applications not ARM Templates
– Mani
Sep 11 '18 at 9:48
@Mani Well, please note that another AzSK_SVT task (AzSK Security Verification Tests) is available in 'Release' pipeline tasks only. So, to use it you need to create a release pipeline,... then add the AzSK_SVT task accordingly. See the updated answer...
– Andy Li-MSFT
Sep 12 '18 at 9:15
sorry for late response.It's working fine for only few verification Tests only. I think, it is still in preview and Is there any chance to do AzSK_SVT task for Hosted Linux Agent
– Mani
Sep 19 '18 at 12:41
@Mani No chance to check that. Have you tried the task on Hosted Linux Agent, Does it not work?
– Andy Li-MSFT
Sep 20 '18 at 1:50
@Mani If the answer resolved your original issue, please Accept it as an Answer, This can be beneficial to other community members reading this thread.
– Andy Li-MSFT
Oct 5 '18 at 1:28
Thank you for your reply @Andy. According to link(extension) which you are shared me is showing that "It consists of two tasks" in which one indicates ARM Templates and another indicates about the Applications. Here i want work with Applications not ARM Templates
– Mani
Sep 11 '18 at 9:48
Thank you for your reply @Andy. According to link(extension) which you are shared me is showing that "It consists of two tasks" in which one indicates ARM Templates and another indicates about the Applications. Here i want work with Applications not ARM Templates
– Mani
Sep 11 '18 at 9:48
@Mani Well, please note that another AzSK_SVT task (
AzSK Security Verification Tests) is available in 'Release' pipeline tasks only. So, to use it you need to create a release pipeline,... then add the AzSK_SVT task accordingly. See the updated answer...– Andy Li-MSFT
Sep 12 '18 at 9:15
@Mani Well, please note that another AzSK_SVT task (
AzSK Security Verification Tests) is available in 'Release' pipeline tasks only. So, to use it you need to create a release pipeline,... then add the AzSK_SVT task accordingly. See the updated answer...– Andy Li-MSFT
Sep 12 '18 at 9:15
sorry for late response.It's working fine for only few verification Tests only. I think, it is still in preview and Is there any chance to do AzSK_SVT task for Hosted Linux Agent
– Mani
Sep 19 '18 at 12:41
sorry for late response.It's working fine for only few verification Tests only. I think, it is still in preview and Is there any chance to do AzSK_SVT task for Hosted Linux Agent
– Mani
Sep 19 '18 at 12:41
@Mani No chance to check that. Have you tried the task on Hosted Linux Agent, Does it not work?
– Andy Li-MSFT
Sep 20 '18 at 1:50
@Mani No chance to check that. Have you tried the task on Hosted Linux Agent, Does it not work?
– Andy Li-MSFT
Sep 20 '18 at 1:50
@Mani If the answer resolved your original issue, please Accept it as an Answer, This can be beneficial to other community members reading this thread.
– Andy Li-MSFT
Oct 5 '18 at 1:28
@Mani If the answer resolved your original issue, please Accept it as an Answer, This can be beneficial to other community members reading this thread.
– Andy Li-MSFT
Oct 5 '18 at 1:28
|
show 1 more comment
First of all I am sorry to ask you a question not relative to your question.
(as it seems that your question is already anwered :) )
I am using the same task in my relaese pipeline and I am trying to add custom checks because the default checks this task is doing is not good enough for me.
This tutorial is really helpfull for trying to set things up, only I seem to just get to add custom baselinecontrols for a local module and not getting it to add it in the azure devops pipeline (more info about my question .
As you are also working on the same task I was hoping that you maybe could me help me figure it out.
answered Nov 13 '18 at 11:07
achahbarachahbar
253114
add a comment |
First of all I am sorry to ask you a question not relative to your question.
(as it seems that your question is already anwered :) )
I am using the same task in my relaese pipeline and I am trying to add custom checks because the default checks this task is doing is not good enough for me.
This tutorial is really helpfull for trying to set things up, only I seem to just get to add custom baselinecontrols for a local module and not getting it to add it in the azure devops pipeline (more info about my question .
As you are also working on the same task I was hoping that you maybe could me help me figure it out.
answered Nov 13 '18 at 11:07
achahbarachahbar
253114
add a comment |
First of all I am sorry to ask you a question not relative to your question.
(as it seems that your question is already anwered :) )
I am using the same task in my relaese pipeline and I am trying to add custom checks because the default checks this task is doing is not good enough for me.
This tutorial is really helpfull for trying to set things up, only I seem to just get to add custom baselinecontrols for a local module and not getting it to add it in the azure devops pipeline (more info about my question .
As you are also working on the same task I was hoping that you maybe could me help me figure it out.
answered Nov 13 '18 at 11:07
achahbarachahbar
253114
First of all I am sorry to ask you a question not relative to your question.
(as it seems that your question is already anwered :) )
I am using the same task in my relaese pipeline and I am trying to add custom checks because the default checks this task is doing is not good enough for me.
This tutorial is really helpfull for trying to set things up, only I seem to just get to add custom baselinecontrols for a local module and not getting it to add it in the azure devops pipeline (more info about my question .
As you are also working on the same task I was hoping that you maybe could me help me figure it out.
answered Nov 13 '18 at 11:07
achahbarachahbar
253114
answered Nov 13 '18 at 11:07
achahbarachahbar
253114
answered Nov 13 '18 at 11:07
achahbarachahbar
253114
answered Nov 13 '18 at 11:07
achahbarachahbar
253114
253114
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f52269401%2fhow-to-integrate-azsk-in-vsts-ci-build%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
What's that mean for "
here am unable to access "Secure DevOps Kit(AzSK) CICD Extensions for Azure" task"?– Andy Li-MSFT
Sep 11 '18 at 8:38
I want to work with Secure DevOps Kit(AzSK) CICD Extensions for Azure task
– Mani
Sep 11 '18 at 9:39