DevOps and Beyond, Workshops

VSM03 Workshop: DevSecOps in the Cloud with GitHub and Microsoft Azure


8:30am - 5:30pm

Level: Intermediate to Advanced

Brian A. Randell

Staff Developer Advocate


Good DevOps needs to really be good DevSecOps. But how do you get started? To be clear, there's no silver bullet. Doing things right requires a change in your company's culture. A culture that embraces security and changes how solutions are delivered by "shifting left". Changing to embrace agile practices and empower everyone to do the right thing.

GitHub cares about your code. They care about your apps. And they know building awesome apps means your apps are secure. But how to you get started? In this workshop, Brian and Mickey will share their experience with you about the current state of art to build "cloud native solutions" using Azure PaaS where can apply DevSecOps principals and best practices using GitHub Enterprise Cloud and GitHub Codespaces.

While they will focus on .NET applications, they will cover general practices for all many different app types using other languages. You'll learn from the beginning about GitHub security and the core workflow of getting code from a developer to a deployed environment in Microsoft Azure. You'll start by learning about the different flavors and versions related to GitHub's offerings both free and paid, with a focus on the cloud. You'll learn critical aspects in getting an enterprise configured and running using GitHub including organizations, adding users, choosing directory authentication, teams, and more.

You’ll learn about defining your repo strategy, including public, private, and internal visibility. And of course, you’ll learn repo settings around security, branch protection, and more. They’ll dig into pull requests, best practices, and how to manage the notification madness for a busy GitHub user. They’ll also dig into GitHub's various features around helping you produce better, more secure code early by looking at Dependabot, GitHub Secret scanning, and Code QL.

Beyond the code, you’ll learn about GitHub Projects to help you track work. Later, you’ll learn how to use GitHub Actions for CI/CD and GitHub workflow automation. In this workshop, you'll get deep information on building and deploying modern “cloud native apps” using GitHub and Microsoft Azure. By the end of the workshop, you will be ready encourage your organization to do more to be secure by using modern DevSecOps practices.

You will learn:

  • How to manage your team and work with GitHub
  • How manage your code and assets with GitHub
  • How to build and release with GitHub to Azure