About

This lab guide mirrors the https://azure.github.io/AKS-DevSecOps-Workshop/ guide, includes required changes, leverages PowerShell instead of Bash where applicable, and includes additional example output.

In performing this lab you will learn more about the following :

• Understanding of DevSecOps, including vulnerabilities and best practices
• Implementation of DevSecOps best practices for AKS
• Understanding and Implementation of Features/Capabilities in GitHub and Azure to implement DevSecOps best practices for AKS
• Features of GitHub and Azure to implement DevSecOps best practices for AKS, including Defender for DevOps, AKS add-ons, Defender for Containers, VS Code, etc.

<aside> 💡

While this workshop explicitly references AKS, and GitHub; the recommendations mentioned would apply to any container orchestration or CI/CD platform. While the implementation details may vary, most of the concepts and practices mentioned in each stage would still be relevant and applicable.

</aside>

<aside> 💡

This lab was completed over approximately five days, with AKS, ACR, and KeyVault running for just under four days, resulting in total Azure costs of roughly $10 (± a small variance)

</aside>

Acknowledgements

H/T to the Contributors of https://github.com/Azure/AKS-DevSecOps-Workshop, including https://github.com/ahmedbham https://github.com/msmarti and others who developed and open sourced this exercise.

Table of Contents

Module 0

DevSecOps on Azure Kubernetes Service (AKS)

DevSecOps builds on the practice of DevOps by incorporating security at different stages of a traditional DevOps lifecycle. Some of the benefits of building security in DevOps practices include:

• Make your applications and systems more secure by providing visibility into security threats and preventing vulnerabilities from reaching deployed environments
• Increased security awareness with your Development and Operation teams
• Incorporates automated security processes into your Software Development Lifecycle (SDLC)