Dependencies & Packages
Security & Compliance
The course is part of this learning path
This course explains how to implement dependency management with Azure DevOps. It explores the strategies, tools, and methods used for creating and managing dependencies. First, you will learn what dependency management is and which packages are available for Azure DevOps. A practical demonstration then shows how to build a package. The course moves on to explore the strategies for dependency management, including versioning and componentization, and provides a demo that guides you through how to consume a package. Finally, you will learn about security and compliance, and watch a practical demonstration of WhiteSource Bolt.
By the end of this course, you should have a good understanding of how packages are managed within Azure DevOps and the implications of package management methodologies.
If you have any feedback relating to this course, please contact us at firstname.lastname@example.org.
- Explore what dependencies are
- Understand the various package types in Azure DevOps
- Manage packages in Azure DevOps through Artifacts
- Explore building software and creating dependencies
- Understand the strategies and methods for creating and managing dependencies
- Explore package security and compliance scanning options
- Individuals who want to learn more about Azure DevOps
- Individuals aiming to become Azure DevOps engineers
- Students preparing for Microsoft’s AZ-400 exam
To get the most from this course, you should have:
- Experience with version control and pushing changes into an Azure repo
- An Azure DevOps account
- Visual Studio installed if you want to follow along during the demos
- An understanding of Git and how to push code
In this session, we're going to look at scanning packages for license compliance. If you bring up a tab in your browser, we're gonna search for a project which will help us quick start here. So I've just searched for managing open source security and licenses with WhiteSource. We will get to the Azure DevOps lab here. And if you scroll down, explains how to go through the project, there's basically a DevOps generator here, which will create the content for us.
So what we'll do is sign in. And here's our WhiteSource Bolt project. So you need to select your organization, give your project a name. We'll call this WhiteSource and that's fine. Create project.
So now that's provisioned successfully, we can navigate to the next project. And we can see the WhiteSource project has been provisioned in our organization. We can go to pipelines, we now see the WhiteSource Bolt. If we select that we can see we're using the free version, you will probably be asked to put in your email address and details, I've already entered those in. And that will allow you to use this pipeline.
So if we now go to the pipelines, select the pipeline, and run. Leave these things as default. See that's now gone into phase one. And the tab now's created WhiteSource Bolt build report. So we'll just watch this job complete.
So we can see that job completed, took just under four minutes. If we go back to the job itself, we can see the WhiteSource Bolt build report. You can see here a number of tiles. This is the vulnerability score, vulnerability libraries, severity distribution, aging vulnerability libraries. And then there's a detailed list of exactly what vulnerabilities there are and the severities and which libraries they affect. There's also a link to help you look at those in more detail. You can go through that session yourself and look at what else WhiteSource Bolt can offer for you.
This concludes our session. I hope you found this useful.
Matthew Quickenden is a motivated Infrastructure Consultant with over 20 years of industry experience supporting Microsoft systems and other Microsoft products and solutions. He works as a technical delivery lead managing resources, understanding and translating customer requirements and expectations into architecture, and building technical solutions. In recent years, Matthew has been focused on helping businesses consume and utilize cloud technologies with a focus on leveraging automation to rapidly deploy and manage cloud resources at scale.