Join us

Protect production branches from having secrets through an Azure DevOps branch policy

@faun ・ Apr 11,2023

A simple solution to hide secrets in repository and monitoring them using Azure DevOps's build validation policy: write one script to scan the repository for secrets, create a comprehensive monitoring dashboard, suppress false positives, alert developers when trying to add secrets to the repository, and block production delivery until secrets are removed.

The script can work with Azure DevOps and GitHub.

Azure DevOps features, including the security scan credscan tool and the sarif sast scan tab, can be invoked to perform security scans on the pipeline. A pipeline is created to perform security scans on every pull request made to the production branch.

The policy can be enforced through the organization workbook.

Let's keep in touch!

Stay updated with my latest posts and news. I share insights, updates, and exclusive content.

Unsubscribe anytime. By subscribing, you share your email with @faun and accept our Terms & Privacy.

Give a Pawfive to this post!

Only registered users can post comments. Please, login or signup.

Share with your friends and followers

Start writing about what excites you in tech — connect with developers, grow your voice, and get rewarded.

Join other developers and claim your FAUN.dev() account now!

Publish your first story!

The FAUN

FAUN.dev()

@faun

The FAUN watches over the forest of developers. It roams between Kubernetes clusters, code caves, AI trails, and cloud canopies, gathering the signals that matter and clearing out the noise.