Azure DevOps and Chechov

In this post we demonstrate how to use the open source security and compliance tool called Checkov with Azure DevOps to verify your Azure infrastructure is secure. Introducing Checkov Checkov is a great tool for engineering teams to harness as part of their Cloud environment deployments. Checkov currently supports scanning the following scanning capabilities:Continue reading “Azure DevOps and Chechov”

Shifting Security left – moving to a DevSecOps model

As more and more organisations shift their infrastructure and applications to Public cloud one of the biggest questions arises is how will they approach security. Organisations who are leveraging the dynamic nature of cloud with modern DevOps practices are also realising that traditional approaches to security are outdated. With the advent of Infrastructure as Code,Continue reading “Shifting Security left – moving to a DevSecOps model”

Compliance via Code

Cloud Governance with Cloud Custodian – Part 1 Before talking about Cloud Custodian i would like to mention Azure policies. Azure policy is the out of the box policy engine that Microsoft provide as part of your Azure subscription. It uses a declarative syntax using JSON to define policies (security, audits and others) governing andContinue reading “Compliance via Code”