Inspecting & Validating Code Base for Compliance
Start course

Welcome to Designing for Quality and Security with Azure DevOps. This course covers topics to help you learn how to design a quality strategy in Azure DevOps. It shows you how to analyze an existing quality environment and how to identify and recommend quality metrics, as well as what feature flags are and how to manage the feature flag lifecycle.

The course then moves onto technical debt and how to manage it, how to choose a team structure that optimizes quality and how to handle performance testing. You'll look at some strategies for designing a secure development process and the steps you can take to inspect and validate both your codebase and infrastructure for compliance.

We'll wrap things up by covering strategies you can use to secure your development and coding environment, as well as recommended tools and practices that you can use to integrate infrastructure security validation.

If you have any questions, comments, or feedback relating to this course, feel free to contact us at

Learning Objectives

By the time you complete this course, you should have a good understanding of how to design for quality and security with Azure DevOps.

Intended Audience

This course is intended for:

  • IT professionals who are interested in earning the Microsoft Azure DevOps Solutions certification
  • DevOps professionals that work with Azure on a daily basis


To get the most from this course, you should have at least a basic understanding DevOps concepts and of Microsoft Azure.


Hi there, welcome back. In this lecture, we're going to dive into inspection and validation of code base for compliance. Despite the importance of data security. with every new day, it seems a new story about another data breach pops up. Whether it's credit card data being stolen, website logins being hacked, or other personal data that's stolen it's a problem.

So what's happening?

Everyone knows that organizations need to protect information from people that shouldn't have access to it, however, they also need to make sure that customer information isn't altered or destroyed when it shouldn't be. On the flipside, organizations also need to ensure that data is destroyed when it's supposed to be. Users need to be properly authenticated before getting access to data and those users need to have the proper permissions to do so. Using historical data archive data and logs should allow organizations to track down evidence when something has gone wrong.

Building secure applications is a big part of security however it can be difficult to do this. While you may find it surprising many developers and other IT professionals assume that they understand security. In reality, they really don't. This is because the entire cyber security discipline is always evolving, which is not unlike any other IT discipline. That being the case ongoing education and training is critical.

When developing secure applications it's important that you ensure that the code is created correctly and that it securely implements any features that are required. On top of that you need to ensure that the features themselves are designed with security in mind. This doesn't always happen.

Lastly, you need to make sure that when you're developing an application that the application is compliant with any special rules or regulations that it needs to comply with. It's important to test for this compliance during the build process and to retest periodically after deployment. This is because it's often rather difficult to shoehorn security into an application after the fact.

When all is said and done, it's important to recognize that secure development needs to be a part of every stage of the software development lifecycle. It's even more critical for applications that process sensitive or highly confidential information.

With the introduction of DevOps practices, it's now much easier for developers to integrate security testing into the app development pipeline. What this does is create an environment where security testing is part of the day-to-day delivery process rather than something that needs to be performed by security specialists after the fact.



Introduction - Identifying & Recommending Quality Metrics - Feature Flags - Technical Debt - Team Structures - Performance Testing - Inspecting & Validating Code Base for Compliance - Inspecting & Validating Infrastructure for Compliance - Secure Development & Coding - Infrastructure Security Validation Tools & Practices - Conclusion

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.