Using Workload Identities for Bicep Deployments in GitHub Actions

Using Workload Identities for Bicep Deployments in GitHub Actions

As I’ve been working on my side project, I’ve been trying to work on my CI/CD skills and deploy all my resources through GitHub Actions. This project is made up of a couple of services, which each have their own infrastructure and application code. I’m deploying my resources to a single resource group in Azure. To deploy infrastructure to Azure via GitHub Actions, we need to authenticate to our Azure subscription....

June 24, 2023 · 7 min · Will Velida
Using Microsoft Security DevOps tasks in GitHub Action worflow files

Configure Bicep code scanning in GitHub with Microsoft Defender for DevOps

Microsoft Defender for DevOps is a new capability in Defender for Cloud that provides visibility across multiple DevOps environments that you can use to centrally manage DevOps security, strengthen your infrastructure as code and help you prioritize critical issues in code across your pipeline and multiple cloud environments. This feature is currently in preview, and supports GitHub and AzureDevOps (with support for more platforms coming soon). As part of my job at Microsoft, I spend a lot of time helping engineers to use infrastructure as code to provision their resources to Azure, and help them to build pipelines that automates their deployments....

October 20, 2022 · 5 min · Will Velida