AZ-400: Designing and Implementing Microsoft DevOps Solutions

Design and Implement Pipeline Automation

Summary

This article explores critical practices for securing, testing, and maintaining your software projects. We cover:

  • Dependency Scanning
  • Security Scanning
  • Continuous Integration (CI) & Continuous Deployment (CD)
  • Code Coverage

Dependency and Security Scanning

Dependency and security scanning are essential to catch vulnerabilities before they reach production. By integrating these scans into your CI/CD pipeline, you ensure a proactive defense against potential risks.

What Is Dependency Scanning?

Dependency scanning identifies known vulnerabilities in your project’s libraries and packages.

  • Detect outdated or insecure dependencies
  • Automate scans in Azure Pipelines
  • Stop builds on critical findings

What Is Security Scanning?

Security scanning reviews your source code and configuration for common security flaws.

  • Analyze code for injection, misconfigurations, and secrets
  • Integrate with pull requests for immediate feedback

Note

Running scans early in your development cycle helps prevent remediation costs later in production.

ToolScan TypeIntegration Example
GitHub DependabotDependencyAutomatic PRs for outdated dependencies
SnykDependency & Securitysnyk test --all-projects
OWASP ZAPSecuritydocker run owasp/zap2docker-stable zap-baseline.py
TrivyContainer & Filestrivy filesystem --security-checks vuln,path .

The image is a slide titled "Dependency and Security Scanning" with a color-coded list of topics related to dependency scanning and security.


Continuous Integration (CI) & Continuous Deployment (CD)

Automated integration and deployment pipelines accelerate delivery while maintaining high quality.

CI/CD Definitions

  • Continuous Integration (CI): Automatically build and test code on each commit.
  • Continuous Deployment (CD): Automatically deploy tested code to staging or production.

Testing Strategies in Pipelines

Test TypePurposeExample Command
Local TestsFast feedback, no external dependenciesnpm test -- --watch
Unit TestsValidate individual functions or classespytest tests/unit
Integration TestsValidate interactions between componentspytest tests/integration
Load TestsMeasure performance under high traffick6 run load-test-script.js

In Azure Pipelines, you can define multiple stages:

stages:
  - stage: Build
    jobs:
      - job: Compile
        steps:
          - script: dotnet build
  - stage: Test
    dependsOn: Build
    jobs:
      - job: UnitTests
        steps:
          - script: dotnet test --logger trx
      - job: IntegrationTests
        steps:
          - script: dotnet test --filter Category=Integration
  - stage: Deploy
    dependsOn: Test
    jobs:
      - job: Release
        steps:
          - script: az webapp deploy --name myApp --resource-group myRG

Warning

Always fail the pipeline on test failures to prevent unverified code from progressing.


Code Coverage

Code coverage measures how much of your source code is exercised by tests. It helps you identify untested areas and improves software quality.

Why Code Coverage Matters

  • Visibility: Shows untested code paths
  • Quality: Encourages writing meaningful tests
  • Metrics: Helps track testing progress over time

Coverage Types

Coverage TypeDescription
StatementPercentage of executed statements
BranchCoverage of all possible code branches (if/else)
PathAll possible execution paths (rarely used)

Integrating Coverage in Azure Pipelines

- task: DotNetCoreCLI@2
  displayName: 'Run tests with coverage'
  inputs:
    command: test
    projects: '**/*Tests/*.csproj'
    arguments: '--collect:"XPlat Code Coverage"'
- task: PublishCodeCoverageResults@1
  inputs:
    codeCoverageTool: Cobertura
    summaryFileLocation: '$(Agent.TempDirectory)/**/coverage.cobertura.xml'

Interpret coverage reports to guide your testing efforts:

  • Focus on critical modules with low coverage
  • Increase branch and path coverage for complex logic
  • Set realistic coverage targets (e.g., 80–90%)

The image is a slide titled "Understanding Code Coverage," listing topics such as the definition, importance, and best practices of code coverage, each associated with a different color.


Watch Video

Watch video content

Previous
Orchestration of GitHub Actions and Azure Pipelines