
Defender for DevOps – Configuration of DevOps Pipeline Classic and YAML method

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.

Microsoft Defender for DevOps shows the security posture of pre-production application code and resource configurations. Security teams can use the service to enable security checks for their templates and container images designed to minimize the chance that cloud misconfigurations reach production environments. Leveraging insights within Microsoft Defender for Cloud, security admins can help developers prioritize critical code fixes with actionable remediation and assign developer ownership by triggering custom workflows.


Defender for DevOps uses a central console to empower security teams with the ability to protect applications and resources from code to cloud across multi-pipeline environments, such as GitHub, Azure DevOps and more to come.

To help security admins and developers, Azure DevOps provides two ways of configuration today. This article walks you through the configuration of Azure DevOps pipelines via the classic UI and via YAML.


Option 1: Configure using Azure DevOps Pipeline Classic Editor:

  1. Select a Project
  2. Click Pipelines > Click Create Pipeline
  3. Click Use the classic editor to create a pipeline without YAML
  4. Select a source, Team project, Repository, and Default branch from the dropdown menus, then click Continue
  5. Click Empty job
  6. On the Agent job 1, click the + to add a step
  7. In the search box type Use .NET Core, then click Add 3 times
  8. Type Microsoft Security in the search box, then click Add on Microsoft Security DevOps to add it to the Agent job 1
  9. Click on each of the Use .NET Core sdk tasks and set the versions as 3.1.x, 5.0.x, 6.0.x
  10. Click Save & queue to open the dropdown menu, then click Save & queue
  11. Type a Save comment (example: Microsoft Security DevOps added) > Click Save and run

NOTE: It will take a few minutes to run pipelines and save the results. To make viewing the scan results easier, you can install this free extension in your Azure DevOps organization: SARIF SAST Scans Tab - Visual Studio Marketplace


Option 2: Configure your pipelines using YAML

To configure your pipeline using YAML:

  1. Sign in to Azure DevOps
  2. Select your project.
  3. Navigate to Pipelines
  4. Select New pipeline.
  5. Select Azure Repos Git.
  6. Select the relevant repository
  7. Select Starter Pipeline
  8. Paste the following YAML into the pipeline:


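# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:

# No automatic trigger; the pipeline runs only when queued manually.
trigger: none

# Run on a Microsoft-hosted Windows agent.
pool:
  vmImage: 'windows-latest'

steps:
# Install the three .NET SDK versions used in this walkthrough.
- task: UseDotNet@2
  displayName: 'Use dotnet'
  inputs:
    version: 3.1.x
- task: UseDotNet@2
  displayName: 'Use dotnet'
  inputs:
    version: 5.0.x
- task: UseDotNet@2
  displayName: 'Use dotnet'
  inputs:
    version: 6.0.x
# Run the Microsoft Security DevOps scan.
- task: MicrosoftSecurityDevOps@1
  displayName: 'Microsoft Security DevOps'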


  9. Select Save and run
  10. To commit the pipeline, select Save and Run.


The pipeline will run for a few minutes and save the results. 



Install the SARIF SAST Scans Tab extension on the Azure DevOps organization in order to ensure that the generated analysis results will be displayed automatically under the Scans tab.
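
For triage outside the Scans tab, this added example (not part of the original post or of Microsoft's tooling) summarizes a SARIF 2.1.0 log by tool and severity and decides whether a build should fail. The sample log, its tool names and rule IDs, and the `should_fail` policy are constructed for illustration; having the scan results available as a SARIF file is an assumption based on the SARIF extension mentioned above.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 log; tool names, rule IDs and paths are made up.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [
    {"tool": {"driver": {"name": "example-iac-scanner", "rules": [
        {"id": "IAC001", "defaultConfiguration": {"level": "error"}},
        {"id": "IAC002"}]}},
     "results": [
        {"ruleId": "IAC001", "message": {"text": "Storage allows public access"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "infra/storage.json"},
             "region": {"startLine": 12}}}]},
        {"ruleId": "IAC002", "level": "note", "message": {"text": "Tag missing"}},
        {"ruleId": "IAC002", "message": {"text": "Diagnostics not enabled"}}]},
    {"tool": {"driver": {"name": "example-secret-scanner"}}, "results": []}]})

def effective_level(result, rules):
    """SARIF defaults, simplified: rules are looked up by id in tool.driver.rules."""
    if "level" in result:
        return result["level"]
    if result.get("kind", "fail") != "fail":
        return "none"  # non-failure kinds (pass, open, ...) carry no severity
    rule = rules.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def summarize(sarif_text):
    """Return (Counter keyed by (tool, level), flat list of findings)."""
    counts, findings = Counter(), []
    for run in json.loads(sarif_text).get("runs", []):
        driver = run["tool"]["driver"]
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results") or []:
            level = effective_level(res, rules)
            counts[(driver["name"], level)] += 1
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({"tool": driver["name"], "rule": res.get("ruleId"),
                             "level": level, "message": res.get("message", {}).get("text", ""),
                             "file": loc.get("artifactLocation", {}).get("uri"),
                             "line": loc.get("region", {}).get("startLine")})
    return counts, findings

def should_fail(counts, blocking=("error",)):
    """Hypothetical gate policy: fail when any result has a blocking level."""
    return any(level in blocking for (_tool, level) in counts)

if __name__ == "__main__":
    counts, findings = summarize(SAMPLE_SARIF)
    print(dict(counts), "fail build:", should_fail(counts))
```

The second and third results show why the level has to be resolved rather than read directly: a result without an explicit `level` inherits the rule's default, and falls back to `warning` when the rule declares none.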

