Application development moves at a blistering pace; releases that used to come out once or twice yearly now happen weekly, daily—even continuously. While modern web technologies and tools like continuous integration/continuous delivery (CI/CD) have helped accelerate the pace of development, these same forces also make it difficult for application scanners to crawl and test your modern apps.
Rapid7 InsightAppSec integrates with Azure DevOps Pipelines so that development teams can autonomously test the integrity of their applications at runtime within their own CI/CD workflows. Using the extension within a pipeline gives security teams essential feedback regarding a web application’s security posture and risk status as part of existing processes; this way, your team can pass/fail builds and fix faster.
The Azure DevOps extension utilizes the InsightAppSec RESTful API to dynamically retrieve applications, launch scans, monitor their progress, and generate reports based upon scan results. Leveraging this extension within Azure Pipelines will provide essential feedback regarding a web application’s security posture and vulnerability findings as an integrated CI/CD task.
This extension can be leveraged as both a Build and a Release task within Azure DevOps.
This extension is designed to:
Scan Gating provides an automated way to fail tasks as part of a build when scan results match a defined vulnerability query. This stops certain identified risks from being promoted into production.
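The gating decision described above, as an added sketch that is not Rapid7's code or the extension's query syntax: it evaluates a gate over a constructed scan result and fails closed when the scan did not complete. The field names, severity and status values, and the `GATE_QUERY` shape are assumptions made for illustration.

```python
import sys

# Assumed severity ordering; the field names and values below are illustrative,
# not the InsightAppSec API schema or the extension's query syntax.
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}
WORST = max(SEVERITY_RANK.values())

def matches(finding, query):
    """True when one finding satisfies every clause of the gate query."""
    # An unrecognised severity is ranked as the worst one, so it cannot slip past.
    rank = SEVERITY_RANK.get(finding.get("severity"), WORST)
    if rank < SEVERITY_RANK[query["min_severity"]]:
        return False
    return finding.get("status") not in query.get("ignore_statuses", ())

def evaluate_gate(scan, query):
    """Return (exit_code, reasons); a non-zero exit code fails the pipeline task."""
    # Fail closed: a scan that did not finish says nothing about the build.
    if scan.get("status") != "COMPLETE":
        return 1, [f"scan status is {scan.get('status')!r}, expected 'COMPLETE'"]
    hits = [f for f in scan.get("findings", []) if matches(f, query)]
    if len(hits) > query.get("max_allowed", 0):
        return 1, [f"{f.get('severity')}: {f.get('title')} ({f.get('url')})" for f in hits]
    return 0, []

# Constructed sample scan result and gate definition.
SAMPLE_SCAN = {
    "status": "COMPLETE",
    "findings": [
        {"severity": "HIGH", "status": "UNREVIEWED",
         "title": "SQL injection", "url": "https://app.example.test/search"},
        {"severity": "MEDIUM", "status": "FALSE_POSITIVE",
         "title": "Missing security header", "url": "https://app.example.test/"},
        {"severity": "LOW", "status": "UNREVIEWED",
         "title": "Cookie without Secure flag", "url": "https://app.example.test/login"},
    ],
}
GATE_QUERY = {"min_severity": "MEDIUM", "ignore_statuses": ["FALSE_POSITIVE"], "max_allowed": 0}

if __name__ == "__main__":
    exit_code, reasons = evaluate_gate(SAMPLE_SCAN, GATE_QUERY)
    for reason in reasons:
        print("gate:", reason, file=sys.stderr)
    sys.exit(exit_code)  # the CI task fails on any non-zero exit code
```

Treating an incomplete scan or an unknown severity as a failure keeps a broken scan step from silently passing the build.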
Visit the Visual Studio Marketplace to get the InsightAppSec Azure DevOps extension.