Static Code Analysis  for Infrastructure as Code Using Azure DevOps Pipelines

Written by asgr | Published 2021/07/11
Tech Story Tags: terraform | azure-devops | security | infrastructure-as-code | devops-infrastructure | azure | github | architecture

TLDR Static code analysis is performed as part of the security development lifecycle, where tools are used to find vulnerabilities such as buffer overflow, SQL injection within application code. This article explains how to set up static code analysis for infrastructure as code using Azure DevOps pipelines and Prisma cloud. An example of pipeline execution with Prisma Warning that we have one medium issue. This violation blocks the merge of “faulty code” into our deployment branch. If the job fails, the PR is blocked from being merged unless open issues are resolved.via the TL;DR App
no story
Written by asgr | IT Architect in Healthcare industry
Published by HackerNoon on 2021/07/11
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy