Qualys IaC Security Integration with Azure DevOps

The Qualys IaC Security extension empowers DevOps teams to build Infrastructure as Code (IaC) scans into their existing CI/CD processes. By integrating scans this way, cloud misconfigurations are detected and remediated earlier in the SDLC to catch and eliminate security flaws.

For supported templates, other integrations, and features of TotalCloud IaC Security, refer to TotalCloud Online Help and TotalCloud API User Guide.

Pre-requisites

Ensure that you have the required subscription and permissions as stated below.

• The current version of the Qualys IaC Security extension supports only Azure DevOps Services. You can use self-hosted agents or out-of-box agents by Microsoft.
• You must have valid account credentials for the Qualys TotalCloud (Cloud Security Assessment) application. The user must have API access enabled and a role assigned with all the necessary permissions.
• Ensure that the Azure DevOps user account for configuring Qualys IaC Security extension is part of the Project Collection Administrators group. To view the Project Collection Administrators group, go to Organization Settings > Permissions > Project Collection Administrators.

Next step:

Install the extension