Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Microsoft Defender for Cloud #986

Open
sharonfinden opened this issue Aug 11, 2023 · 1 comment
Open

Microsoft Defender for Cloud #986

sharonfinden opened this issue Aug 11, 2023 · 1 comment
Labels
security Security topic

Comments

@sharonfinden
Copy link

sharonfinden commented Aug 11, 2023
edited
Loading

Problem: Most customers don't know that there is a free version of Defender for Cloud that will check your IaC code, give you a security Score, and provide recommendations for how to fix any issues identified.

Solution: Tell customers we work with how to think about this free tool, how to use it, and how to address issues it identifies.

Alternatives:

  • Letting customers and dev crews find this info on their own - already not working well, we'd like to move them along faster
  • Putting information about this in the DevSecOps section of the SolutionOps playbook - decided it fit better in this playbook, as it's something we should ask any customer to run to make their solutions more secure, and doesn't cost them anything

Context:

  • There are multiple tiers of pay options within Defender for Cloud, which scan for additional issues types. We've found the documentation a bit confusing on this topic and would like to make it clear what is available without a cost
  • The Security TD will be rolling out a new program that will work with crews to understand their Defender Secure Score, so having the feature already turned on will save time (it takes around 6 hours to run for the first time). It will also provide a location for the Security TD to point to, for how to turn it on and work with the results.
  • There has already been content submitted to the SolutionOps playbook which can be leveraged to get this page started: https://github.com/cse-labs/opsplaybook/blob/main/docs/code-with-devsecops/Contributions/Security-posture-Management.md

Description:

  • page should contain the following data
    • Description – Describes the purpose and scope of the capability. The description expands on what it enables or facilitates in the context of building a solution, and highlights the key features or functionalities it offers.
    • Characteristics– Enumerates and describes characteristics that should be provided by this capability.,
    • Learn More – Provide links to any additional resources, such as documentation, tutorials, or references, that could help with understanding and utilizing the capability effectively.

Update navigation according to: #1004

Acceptance criteria:

  • Content contains a good description, characteristics of the tool, and how to use it
  • Content reflects work already completed and located in the DevSecOps playbook "contributions" folder
  • Content meets Engineering Fundamentals requirements for inclusion
  • Content has been reviewed, as required, by Engineering Fundamentals team member(s) and feedback has been addressed adequately
@sharonfinden
Copy link
Author

Jayce will be taking this one - need to get permissions for Jayce to edit and for all of us to assign tasks.

@sharonfinden sharonfinden added the security Security topic label Oct 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security Security topic
Projects
Engineering Playbook Backlog
Status: To do
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sharonfinden