devsecblueprint/azure-devsecops-pipeline
Azure DevSecOps Pipeline - Terraform

Overview

This project provides an automated DevSecOps pipeline for deploying and securing infrastructure on Azure using Terraform and Terraform Cloud. The pipeline is defined in azure-pipelines.yml and leverages reusable templates under .azdo-pipelines/pipeline_templates/ for modular, secure, and maintainable builds.

Requirements

  • Terraform (latest stable version)
  • Terraform Cloud account
  • Azure subscription with appropriate RBAC permissions
  • Azure DevOps account for running pipelines

Pipeline Workflow

The main pipeline (azure-pipelines.yml) orchestrates the following stages:

  1. Build Docker Image
    Uses build-image.yml to build container images from source code using Azure DevOps agents.

  2. Lint and Format
    Uses linting.yml to enforce Python code formatting and linting (Python 3.12.6 by default).

  3. Unit & Security Testing
    Uses unit-sec-scan.yml to run unit tests and basic security checks before publishing artifacts.

  4. Push Docker Image
    Uses push-image.yml to push the validated image to Azure Container Registry (ACR).
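As an added example of the "basic security checks" the third stage refers to (this is not the repository's own unit-sec-scan.yml template), the shell function below fails the build when Azure credential material is committed as a quoted literal in Terraform, pipeline YAML, Python or shell files instead of being injected from a variable group or Terraform Cloud. The file set, the regular expression and the function name are assumptions; nothing here is taken from the project.

```shell
#!/bin/sh
# Added example, not the repository's unit-sec-scan.yml: a "basic security
# check" that fails the build if Azure credential material is committed as a
# quoted literal instead of being injected from a variable group or Terraform
# Cloud. File set, pattern and function name are assumptions.

# scan_for_literal_secrets DIR
#   returns 0 when clean, 1 when a hardcoded credential literal is found.
#   Only file:line is reported, never the matched value.
scan_for_literal_secrets() {
  dir="$1"
  # A credential key followed by ':' or '=' and a quoted literal of 8+ chars.
  # Literals containing '$' are skipped so that "$(ARM_CLIENT_SECRET)"
  # (Azure DevOps macro) and "${...}" (shell/Terraform interpolation) pass.
  pat="(ARM_CLIENT_SECRET|client_secret|password)[[:space:]]*[:=][[:space:]]*[\"'][^\"'\$]{8,}[\"']"
  hits=$(grep -rnEI \
      --include='*.tf' --include='*.tfvars' \
      --include='*.yml' --include='*.yaml' \
      --include='*.py' --include='*.sh' --include='.env' \
      --exclude-dir=.git --exclude-dir=.terraform \
      -e "$pat" "$dir" 2>/dev/null | cut -d: -f1,2)
  if [ -n "$hits" ]; then
    echo "Hardcoded credential literal(s) found; values redacted:" >&2
    printf '%s\n' "$hits" >&2
    return 1
  fi
  return 0
}

# Usage from a pipeline step: sh scan.sh "$(Build.SourcesDirectory)"
if [ "$#" -gt 0 ]; then
  scan_for_literal_secrets "$1"
fi
```

The check deliberately prints only file and line, so a finding never copies the secret into the pipeline log; a real pipeline would put this step before the push-image.yml stage so a leaked credential never ships inside an image.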

Repository Structure

.azdo-pipelines/
  ├── azure-pipelines.yml             # Main Azure DevOps pipeline
  └── pipeline_templates/             # Modular templates
       ├── build-image.yml            # Build container images
       ├── linting.yml                # Code linting & formatting
       ├── push-image.yml             # Push image to ACR
       ├── sample-push.yml            # Example template for image push
       └── unit-sec-scan.yml          # Unit + security testing

terraform/
  ├── main.tf                         # Core Terraform configuration
  ├── acr_aks.tf                      # Azure Container Registry + AKS
  ├── providers.tf                    # Provider configuration
  ├── variables.tf                    # Input variables
  ├── variable-group.tf               # Variable groups integration
  └── outputs.tf                      # Outputs

Setup Instructions

1. Terraform Cloud Setup

  • Create an account on Terraform Cloud.
  • Generate an API token and store it in Azure DevOps as a secret variable so it is masked in pipeline logs.
  • Create workspaces for your infrastructure modules.

2. Configure Azure Credentials

3. Initialize Terraform

From the terraform/ folder:

terraform init
terraform plan

4. Run the Pipeline

  • Connect your repository to Azure DevOps.
  • Trigger the pipeline defined in .azdo-pipelines/azure-pipelines.yml.

Environment Variables

Configure the following in Terraform Cloud or Azure DevOps Variable Groups:

  • ARM_CLIENT_ID
  • ARM_CLIENT_SECRET
  • ARM_SUBSCRIPTION_ID
  • ARM_TENANT_ID
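The setup steps and the variable list above, as an added example that is not part of the repository: a POSIX shell pre-flight script run from the terraform/ folder before terraform init and terraform plan. It confirms the four ARM_* variables are present in the environment (as injected from a Terraform Cloud workspace or an Azure DevOps variable group) and that the three IDs are well-formed GUIDs, reporting names only and never values. The function names and the GUID check are assumptions.

```shell
#!/bin/sh
# Added example, not part of the repository: pre-flight check for the ARM_*
# variables the README lists, run before `terraform init` / `terraform plan`.
# Names only are ever printed; secret values are never echoed.

# required_arm_vars prints the variable names this project needs.
required_arm_vars() {
  echo "ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_SUBSCRIPTION_ID ARM_TENANT_ID"
}

# is_guid VALUE: 0 when VALUE is an 8-4-4-4-12 hex GUID, else 1.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'
}

# missing_arm_vars prints the names of required variables that are unset or
# empty, one per line. Output is empty when everything is present.
missing_arm_vars() {
  for name in $(required_arm_vars); do
    eval "value=\${$name:-}"
    [ -z "$value" ] && echo "$name"
  done
  return 0
}

# preflight_terraform returns non-zero with a redacted report if a variable
# is missing or an ID is malformed (a common symptom of a mis-mapped group).
preflight_terraform() {
  missing=$(missing_arm_vars)
  if [ -n "$missing" ]; then
    echo "Missing Azure credentials (set them via variable group / Terraform Cloud):" >&2
    printf '  %s\n' $missing >&2
    return 1
  fi
  for name in ARM_CLIENT_ID ARM_SUBSCRIPTION_ID ARM_TENANT_ID; do
    eval "value=\${$name:-}"
    if ! is_guid "$value"; then
      echo "$name is not a well-formed GUID (value redacted)" >&2
      return 1
    fi
  done
  return 0
}

# Usage: from the terraform/ folder, `sh preflight.sh run` performs the check
# and then runs the README's init/plan steps non-interactively.
if [ "${1:-}" = "run" ]; then
  preflight_terraform && terraform init -input=false && terraform plan -input=false
fi
```

Because the script only names what is missing, it can be pasted into a pipeline step without risking a secret value landing in the build log; ARM_CLIENT_SECRET is checked for presence but never validated by format, so its value is never handled beyond the emptiness test.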

References
