We'd love to hear about it! Click here to go to the product suggestion community
This document covers the use of the new IaC template scanning API endpoint of Sophos Cloud Optix. This is documented here: https://optix.sophos.com/apiDocumentation (In the "APIs for IaC Integration" section)
a. Go to https://optix.sophos.com/ and sign in with your credentials
b. Go to Settings → Integrations → Sophos Cloud Optix
c. Select the expiry time (6 months, 1 year or Never), then click on "Generate new key"
d. The API Key will be generated. Click on "Save"
a. In Azure DevOps, go to "Azure DevOps → Pipelines → Releases → Select Pipeline → Edit → Add Artifacts"
a. In Azure DevOps, go to "Azure DevOps → Pipelines → Releases → Select Pipeline → Edit"
b. Click on the stage that you want to add the IaC template security/compliance validation task to
c. Click on "+" to add a new task, search for "bash", then select the "Bash" task
d. Select the task and edit the following
any high severity security and compliance issues
"Authorization: ApiKey c95ed269-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx"
any critical severity security and compliance issues
# Stop the pipeline
there are any high or critical security or compliance issues detected
# Also print out the issues detected
[[ $highalerts ==
]] && [[ $criticalalerts ==
"No critical/high severity security or compliance issues was detected"
"Critical/high severity security or compliance issues detected"
curl -X GET
'Authorization: ApiKey c95ed269-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx'
e. Ensure that the task is dragged above the main deployment tasks
a. In Azure DevOps, go to "Azure DevOps → Pipelines → Releases → Select Pipeline → Create release"
b. Look in the release logs for the output