- Module 1: Configure a project and repository structure to support secure pipelines.
In this module, you practice how to:
- Separate a project into team projects and repositories.
- Separate secure files between projects.
- Move the security repository away from a project.
- Assign project and repository permissions.
- Organize a project and repository structure.
- Module 2: Manage identity for projects, pipelines, and agents.
In this module, you practice how to:
- Configure a Microsoft-hosted pool.
- Configure agents for projects.
- Configure agent identities.
- Configure the scope of a service connection.
- Convert to a managed identity in Azure DevOps.
- Module 3: Configure secure access to pipeline resources.
In this module, you practice how to:
- Identify and mitigate common security threats.
- Configure pipeline access to specific agent pools.
- Manage secret variables and variable groups.
- Secure files and storage.
- Configure service connections.
- Manage environments.
- Secure repositories.
- Module 4: Configure and validate permissions.
In this module, you practice how to:
- Configure and validate user permissions.
- Configure and validate pipeline permissions.
- Configure and validate approval and branch checks.
- Manage and audit permissions in Azure DevOps.
- Module 5: Fundamental concepts and best practices for creating nested templates.
In this module, you practice how to:
- Create nested templates.
- Rewrite the main deployment pipeline.
- Configure the pipeline and the application to use tokenization.
- Remove plain text secrets.
- Restrict agent logging.
- Identify and conditionally remove script tasks in Azure DevOps.
- Module 6: Configure secure access to Azure Repos from pipelines.
In this module, you practice how to:
- Configure pipeline access to packages.
- Configure credential secrets, and secrets for services.
- Ensure that the secrets are in the Azure Key Vault.
- Ensure that secrets aren't in the logs.
- Module 7: This module is designed to help learners understand the importance of configuring pipelines to use variables and parameters securely in Azure DevOps.
In this module, you practice how to:
- Ensure that parameters and variables retain their type.
- Identify and restrict insecure use of parameters and variables.
- Move parameters into a YAML file that protects their type.
- Limit variables that can be set at queue time.
- Validate that mandatory variables are present and set correctly in Azure DevOps.
Overview
Syllabus
- Module 1: Module 1: Configure a project and repository structure to support secure pipelines
- Introduction
- Organize project and repository structure
- Configure secure projects and repositories
- Lab - Configure a project and repository structure to support secure pipelines
- Knowledge check
- Summary
- Module 2: Module 2: Manage identity for projects, pipelines, and agents
- Introduction
- Configure a Microsoft-hosted pool
- Configure agents for projects
- Configure agent identities
- Configure the scope of a service connection
- Understand and convert to a Managed Identity
- Lab - Manage identity for projects and pipelines
- Knowledge check
- Summary
- Module 3: Module 3: Configure secure access to pipeline resources
- Introduction
- Configure agent pools
- Use secret variables and variable groups
- Understand secure files
- Configure service connections
- Manage environments
- Secure repositories
- Lab - Configure agents and agent pools for secure pipelines
- Knowledge check
- Summary
- Module 4: Module 4: Configure and validate permissions
- Introduction
- Configure and validate user permissions
- Configure and validate pipeline permissions
- Configure and validate approval and branch checks
- Manage and audit permissions
- Lab - Configure and validate permissions
- Knowledge check
- Summary
- Module 5: Module 5: Extend a pipeline to use multiple templates
- Introduction
- Create a nested template
- Rewrite the main deployment pipeline
- Configure the pipeline and the application to use tokenization
- Remove plain text secrets
- Restrict agent logging
- Identify and conditionally remove script tasks
- Lab - Extend a pipeline to use multiple templates
- Knowledge check
- Summary
- Module 6: Module 6: Configure secure access to Azure Repos from pipelines
- Introduction
- Configure pipeline access to packages
- Configure pipeline access to credential secrets
- Configure pipeline access to secrets for services
- Use Azure Key Vault to secure secrets
- Explore and secure log files
- Lab - Integrate Azure Key Vault with Azure Pipelines
- Knowledge check
- Summary
- Module 7: Module 7: Configure pipelines to securely use variables and parameters
- Introduction
- Ensure parameter and variable types
- Identify and restrict insecure use of parameters and variables
- Move parameters into a YAML file
- Limit queue time variables
- Validate mandatory variables
- Lab - Configure pipelines to securely use variables and parameters
- Knowledge check
- Summary