Serverless functions such as AWS Lambda, and Azure Functions are rapidly being adopted in enterprise cloud deployments. Serverless functions present unique security and visibility challenges due to their ephemeral nature, and the way in which they are deployed on public clouds. The rapid DevOps process behind serverless function deployments, as well as the use of open source components and access information (e.g., access and secret keys, credentials, etc.), require tight control of the development and deployment process.
The Aqua serverless security solution was designed specifically to address the challenges of visibility and security control in serverless functions, while remaining transparent and non-intrusive to DevOps. Aqua serverless security allows organizations to reap the business benefits of serverless functions, with full visibility and control of their risk posture.
Microsoft VSTS (Azure DevOps) users can now apply Aqua continuous function assurance to their Azure Functions. Aqua offers the most comprehensive, automated solution on the market for scanning and securing serverless function code, with deep scanning of functions for vulnerabilities and hard-coded sensitive data.
What is the Aqua Security (Azure DevOps) VSTS Extension?
When you add the Aqua Serverless Security extension, you can add a step to your Azure DevOps build pipeline, during function deployment, to check your functions for security vulnerabilities and hard-coded access or sensitive data. You can also define Function Assurance Policies to apply to your functions. Then, you can configure the Aquextension to fail the build if it fails the Function Assurance policy.