Lab 23: DevSecOps Pipeline Integration
Integrating automated security scanning and compliance checks into CI/CD pipelines.

Objective – Lab goal

This lab introduces DevSecOps practices by integrating automated security scanning into your CI/CD pipelines. You’ll configure code scanning, dependency checks, container scanning, and compliance validation.

  • Outcome 1: CI/CD pipeline created or updated.
  • Outcome 2: Automated code‑scanning tools integrated.
  • Outcome 3: Dependency and container scanning enabled.
  • Outcome 4: Compliance checks added to pipeline.

Deliverables – End‑of‑lab checklist

  • DL23.1: CI/CD pipeline configured.
  • DL23.2: Code scanning integrated (SAST).
  • DL23.3: Dependency scanning enabled (SCA).
  • DL23.4: Container scanning configured.
  • DL23.5: Compliance checks added and validated.

Lab Steps – Step‑by‑step instructions

Step 1 – Create or Update CI/CD Pipeline

~45 minutes
  1. Choose platform:
    • GitHub Actions
    • Azure DevOps Pipelines
  2. Create a new pipeline or modify an existing one.
  3. Add build and test stages.

Step 2 – Integrate Code Scanning (SAST)

~45 minutes
  1. Enable:
    • GitHub CodeQL
    • or Azure DevOps SAST extensions
  2. Configure scanning on pull requests and main branch merges.
  3. Review findings and document results.

Step 3 – Enable Dependency Scanning (SCA)

~45 minutes
  1. Enable:
    • Dependabot (GitHub)
    • OWASP Dependency‑Check
  2. Configure alerts for vulnerable libraries.
  3. Document dependency‑risk findings.

Step 4 – Add Container Scanning

~45 minutes
  1. Use:
    • Trivy
    • Azure Container Registry scanning
  2. Scan Docker images during build.
  3. Fail pipeline on critical vulnerabilities.

Step 5 – Add Compliance & Policy Checks

~30 minutes
  1. Integrate:
    • Terraform compliance checks
    • Azure Policy validation
    • Security baseline checks
  2. Document compliance results.
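The following GitHub Actions workflow is an added example, not part of the lab handout, that wires Steps 1 to 5 into a single pipeline: build and test, CodeQL SAST, OWASP Dependency‑Check SCA, a Trivy image scan that fails the job on CRITICAL findings, and Terraform validation plus a Checkov policy scan as the compliance stage. Everything project‑specific is assumed: the image name `my-app`, the `make build`/`make test` targets, `javascript` as the CodeQL language, a Dockerfile at the repository root, and Terraform code under `infra/`. Checkov is an assumed choice for the "Terraform compliance checks" item; any IaC policy tool could take its place.

```yaml
# .github/workflows/devsecops.yml  (added example; adapt names to your project)
name: devsecops-pipeline

on:
  pull_request:            # Step 2.2: scan every pull request ...
  push:
    branches: [main]       # ... and every merge to main

permissions:
  contents: read
  security-events: write   # needed to upload SARIF results to the Security tab
  actions: read

jobs:
  build-test:              # Step 1: build and test stages
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build and run unit tests
        run: |
          make build       # assumption: project exposes build/test make targets
          make test

  sast:                    # Step 2: GitHub CodeQL
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript   # assumption: set to your project's language(s)
      - uses: github/codeql-action/autobuild@v3   # only does work for compiled languages
      - uses: github/codeql-action/analyze@v3

  sca:                     # Step 3: OWASP Dependency-Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: OWASP Dependency-Check
        uses: dependency-check/Dependency-Check_Action@main
        with:
          project: my-app        # assumption: project name used in the report
          path: .
          format: HTML
          args: --failOnCVSS 7   # fail the job on any finding with CVSS >= 7
      - uses: actions/upload-artifact@v4
        if: always()             # keep the report even when the gate fails
        with:
          name: dependency-check-report
          path: reports

  container-scan:          # Step 4: build the image, scan it, fail on CRITICAL
    runs-on: ubuntu-latest
    needs: build-test
    steps:
      - uses: actions/checkout@v4
      - name: Build Docker image
        run: docker build -t my-app:${{ github.sha }} .
      - name: Trivy image scan
        uses: aquasecurity/trivy-action@master   # pin to a release tag or commit SHA in production
        with:
          image-ref: my-app:${{ github.sha }}
          format: sarif
          output: trivy.sarif
          severity: CRITICAL     # only CRITICAL findings count toward the gate
          ignore-unfixed: true   # do not block on vulnerabilities with no available fix
          exit-code: '1'         # non-zero exit fails the pipeline (Step 4.3)
      - uses: github/codeql-action/upload-sarif@v3
        if: always()             # upload findings even when the scan step failed
        with:
          sarif_file: trivy.sarif

  compliance:              # Step 5: Terraform validation and policy checks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - name: Terraform format and validate
        run: |
          terraform -chdir=infra fmt -check
          terraform -chdir=infra init -backend=false
          terraform -chdir=infra validate
      - name: Checkov policy scan (assumed tool)
        run: |
          pip install checkov
          checkov -d infra --framework terraform
```

The SAST, SCA and container jobs run in parallel and each one fails independently, so a pull request shows which control blocked it. Dependabot, the other Step 3 option, is switched on in the repository's Security settings rather than in this file, and its alerts complement the Dependency‑Check job. Third‑party actions referenced by a moving tag such as `@master` or `@main` should be pinned to a commit SHA before the pipeline is used on a real project, since the pipeline itself is part of the software supply chain.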

Reflection – What you should understand now

  • Automation: How security scanning fits into CI/CD workflows.
  • Shift‑left security: How early detection reduces risk.
  • Compliance: How pipelines enforce standards automatically.

With DevSecOps pipelines integrated, you’re ready to automate cloud compliance and auditing in Week 24.