Afzaal Ahmad Zeeshan

DevSecOps for .NET Core

Securing Modern Software Applications

Afzaal Ahmad Zeeshan
Rabwah, Pakistan
ISBN 978-1-4842-5849-1 e-ISBN 978-1-4842-5850-7
© Afzaal Ahmad Zeeshan 2020
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.

I dedicate this book to all the bots running our automation jobs on the servers, making the lives of software engineers better. They deserve credit, too.

Introduction

As of the year 2020, software development has become a broader domain within computer science and even overshadows several other domains. Every now and then, people find tutorials about programming languages, tools, and design patterns. The only thing that changes is the name of the pattern, from the old days of waterfall development all the way to service-oriented architectures. We have come to the age of microservices and DevOps. I have written articles that showcase the DevOps pipelines I built for my own projects as well as for customers over the years. Now, I have decided to write a book covering good practices. (There are no best practices in DevOps and computer science as a whole, only good use cases for each situation.)

This book is for beginners who want to learn about DevOps and the introduction of security into the pipeline. If you have experience with DevOps pipelines, you can use this book as a guide to learn how to enforce code quality and security policies on your repositories. If you are new to DevOps, this will give you a good start to understanding where the industry is currently doing the research and user studies. Many organizations are moving toward an open source environment, so they should focus on how to build a secure and collaborative environment for their contributors and engineers. A CI pipeline that builds and runs tests is no longer valid and complete. Online projects include contributors from all across the globe. Different people bring different coding styles to the repository. This book will help you understand how to apply code checks to the contributions added to the repository.

I have developed DevOps pipelines for many customers and clients that I have worked with in the past. I always recommend that they maintain at least a CI pipeline (if they think DevOps is a bit overkill) for their projects, from single-developer indie projects to large-scale enterprise product development and maintenance. DevOps is a silver bullet against all bugs, code smells, performance issues, and security problems in your projects. This book will not provide you with the silver bullet, nor will it tell you about the seller; rather, it will help you understand the workings of DevOps and how you can develop your own. My core focus throughout this book is to teach you the methods used to automate the pipeline and where to apply the appropriate techniques. I often see new developers applying complex DevOps tools and pipeline stages to a job that might have just needed four lines of code. Sometimes the service that is provided out of the box is not the perfect one. Sometimes, just sometimes, the status quo of your DevOps is wrong. Perhaps someone in the past implemented a tool they got for free at a conference. My goal throughout this book is to tell you that DevOps is here to help you, and DevSecOps is here to make sure that your DevOps pipelines are implemented to test every possible use case of your product.

You should use this book as a consultation for your DevOps servers—as a checklist to see if you have created the stages correctly in the server. This book is useful for students, too, the developer group that I encounter regularly. It is important for students to explore the practices of DevOps before they start working in industry. Software companies teach DevOps practices and other code stability techniques, but a student with DevOps skills will land a better job than their fellow students who know a little of the operations and automation.

Use this book however you like; I welcome you to check out the GitHub repository and submit the changes. I will try my best to check all the issues that you have with the code, or with DevOps.

—Afzaal Ahmad Zeeshan

Acknowledgments

Well, I admit I am a very smug person, but that doesn’t stop me from acknowledging the people who helped me, not only with this project but also with my learning ventures, earning ventures, and what not. My mom, dad, brothers, sisters, and friends—I would like to thank you for never giving up on me and encouraging me to continue learning.

I would also like to thank many seniors from the online communities, who taught me the skill of “questioning.” The best answers I have ever received in my experience were by asking the right questions.

I also want to give a shout out to C# Corner, CodeProject, Microsoft, Alibaba Cloud, and Digital Ocean for the awards, certificates, free goodies, and the motivation they provided me throughout the years. Last but not least, special credit to Eminem, as his songs were by my side as I went through the hardships of software development.

About the Author
Afzaal Ahmad Zeeshan is a software engineer based in Rabwah, Pakistan. He likes .NET Core for regular day development and has experience with cloud, mobile, and API development. Afzaal Ahmad has experience with the Azure platform and likes to build cross-platform libraries/software with .NET Core. He received the MVP Award from Alibaba Cloud for cloud expertise. He was twice recognized as a Microsoft MVP for his work in the field of software development, was recognized four times as a CodeProject MVP for technical writing and mentoring, and was recognized four times as a C# Corner MVP in the same field.

About the Technical Reviewer
Iqra Ali is a software engineer at StackFinity in the UK. Iqra spends most of her time contributing to the open source world and authoring technical articles on CodeProject and C# Corner. Iqra has diversified experience in architecture design, development, and automation. She has also worked on multiple DevOps-related projects during her professional career. Iqra has published courses on asynchronous programming and DevOps in collaboration with online publishers such as Packt. Furthermore, she has reviewed technical books and courses. In her free time, she listens to podcasts and reads books.