Building Application Security in the Azure DevOps Pipeline

By Abey Koshy Itty
Published on 10 Feb 2021

Security testing is an essential part of the SDLC and one that cannot be neglected. With DevOps practices taking centre-stage in software development, adding security testing to your CI/CD pipeline matters even more as you ship new features faster than ever before.

Faster release cycles shouldn’t come at the expense of security. This is where adopting a DevSecOps culture comes in. By finding and fixing security issues early in the development process, companies can reduce the cost and complexity associated with application security.

By incorporating a DevSecOps approach, you can add security testing capabilities to your DevOps practice and make everyone on the team accountable for ensuring security.

Application security should be addressed right from development through production to ensure continuous protection.

If you’re currently using or planning to set up Azure DevOps for continuous integration and delivery, how do you ensure that your application is safe?

Automated penetration testing can be executed during deployment to a development environment to make sure that the running application does not contain any security vulnerabilities.

We’ll be looking into how you can integrate Beagle Security for building application security in your Azure DevOps pipeline.

Beagle Security for Azure DevOps

Beagle Security integrates with Azure Pipelines and Azure Boards, amongst the suite of tools Azure DevOps offers.

This means that you can trigger security tests in your Azure Pipeline and receive the security issues directly on your Azure Boards once a security test is completed.

To get started, you’ll have to first sign up for an account on Beagle Security.

Then, you can head over to the Visual Studio Marketplace and add the Beagle Security Test extension. After installing the extension, you’ll be able to add it as a task in your Azure Pipelines to trigger security tests that find vulnerabilities as part of your CI/CD workflow.

And by completing the integration with Azure Boards, you can receive the vulnerabilities on your Boards Project.

Setting up Beagle Security within Azure Pipelines

To set up Beagle Security within Azure Pipelines, first, you’ll need to log in to your Beagle Security account and add the application you want to security test.

After that, head over to the Settings page and generate your Access token.

You can assign the necessary scope and expiry date and create your access token.

Next up, go to the particular application’s settings and copy the application token from there.

Application token in Beagle Security

Now, open the Azure DevOps Project you want to add the extension to. You can either configure it in the release pipeline or build pipeline.

Setting up Beagle Security Test in Azure Pipelines

For adding Beagle Security to your release or build pipeline, follow these steps:

  1. Navigate to Pipelines > Releases/Builds

  2. Create a new pipeline or edit an existing pipeline and Add a task

  3. Search for Beagle Security Test and click Add.

After that, you’ll have to provide the access token and application token you generated from your Beagle Security account. Once that’s added, the penetration test will run automatically when you trigger your release or build pipeline.

Integrating Azure Boards with Beagle Security

Getting to know the vulnerabilities in your application right in the CI/CD pipeline is great, but what’s equally important is getting them addressed correctly by your development team.

By integrating Azure Boards with Beagle Security, you can get your team on the same page. The penetration test results come with detailed descriptions of the vulnerabilities, proof of how they were exploited and recommendations on how to fix them.

You can then start assigning vulnerabilities, right within Azure Boards, to the developers on the team who are in charge of fixing them.

To set up the integration, go to your Beagle Security account. Then, go to the particular application’s settings and click on Integrations. There you’ll be able to find Azure Boards listed.

Azure Boards integration in Beagle Security

Follow the steps below to complete the integration:

  1. Enter the Azure Boards URL and API token (Follow these instructions for generating your API token in Azure DevOps)

  2. Select your Azure Boards Project

  3. Select the Work Item Type from the available options

  4. Select the relevant Start State and End State

  5. Finally, click on Confirm to complete the integration.

Once that’s done, penetration tests will be automatically triggered in your Azure Pipelines and, after completion, you’ll receive all the vulnerabilities in your Azure Boards project.
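To show what the integration settings above correspond to on the Azure DevOps side, the following added example (not Beagle Security's code, and not from the original article) builds the work item creation request that the Azure DevOps REST API expects from a Boards URL, API token, project, work item type and start state. The function name, the finding fields, the tags and the use of the Start State as the initial `System.State` value are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import quote

API_VERSION = "7.0"  # Azure DevOps REST API version assumed for this sketch


def build_work_item_request(boards_url, pat, project, work_item_type,
                            start_state, finding):
    """Return (url, headers, body) for creating one work item from a finding.

    Nothing is sent; the caller decides how and when to POST it.
    """
    for name, value in (("boards_url", boards_url), ("pat", pat),
                        ("project", project), ("type", work_item_type)):
        if not value or not value.strip():
            raise ValueError(f"missing integration setting: {name}")
    if not boards_url.lower().startswith("https://"):
        # The token travels in a Basic auth header, so refuse cleartext HTTP.
        raise ValueError("Azure Boards URL must use https")

    url = (f"{boards_url.rstrip('/')}/{quote(project, safe='')}"
           f"/_apis/wit/workitems/${quote(work_item_type, safe='')}"
           f"?api-version={API_VERSION}")
    # A personal access token is sent as HTTP Basic auth with an empty user name.
    auth = base64.b64encode(f":{pat}".encode()).decode()
    headers = {"Authorization": f"Basic {auth}",
               "Content-Type": "application/json-patch+json"}
    # Work items are created with a JSON Patch document of field "add" ops.
    ops = [
        {"op": "add", "path": "/fields/System.Title",
         "value": f"[{finding['severity']}] {finding['title']}"[:255]},
        {"op": "add", "path": "/fields/System.Description",
         "value": finding["description"]},
        {"op": "add", "path": "/fields/System.State", "value": start_state},
        {"op": "add", "path": "/fields/System.Tags",
         "value": "security; pentest"},  # hypothetical tags
    ]
    return url, headers, json.dumps(ops)


# Constructed sample values, not real credentials or findings.
SAMPLE_FINDING = {"severity": "High", "title": "Reflected XSS in /search",
                  "description": "Parameter q is echoed without encoding."}
```

Because the token is only ever used to create and update work items, a personal access token limited to the Work Items (read & write) scope is enough for an integration like this.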

Closing Thoughts

DevSecOps practices enable your entire team to incorporate security capabilities throughout the entire lifecycle of your application.

Establishing continuous security validation in your Azure DevOps pipeline lets your application stay secure while you increase deployment frequency to meet the needs of your business and stay ahead of the competition.
