Qualys IaC Security Integration with Azure DevOps
The Qualys IaC Security extension empowers DevOps teams to build Infrastructure as Code (IaC) scans into their existing CI/CD processes. By integrating scans this way, cloud misconfigurations are detected and remediated earlier in the SDLC to catch and eliminate security flaws.
The Qualys IaC Security extension integrates infrastructure as code scanning directly into Azure DevOps CI/CD pipelines, allowing teams to identify and fix cloud misconfigurations earlier in the software development lifecycle. By embedding security checks at the point where infrastructure is defined rather than after deployment, organizations can prevent configuration-related vulnerabilities from reaching production environments. This shift-left approach reduces the cost and complexity of remediating security issues that would otherwise require post-deployment fixes. For security teams, this means better visibility into infrastructure risks and the ability to enforce security standards consistently across all infrastructure-as-code projects.
For supported templates, other integrations, and features of Qualys TotalCloud IaC Security, refer to TotalCloud Online Help and TotalCloud API User Guide.
Prerequisites
Ensure that you have the required subscription and permissions as stated below.
- The current version of the Qualys IaC Security extension supports only Azure DevOps Services. You can use self-hosted agents or out-of-box agents by Microsoft.
- You must have valid account credentials for the Qualys Qualys TotalCloud (Cloud Security Assessment) application. The user must have API access enabled and a role assigned with all the necessary permissions.
- Ensure that the Azure DevOps user account for configuring Qualys IaC Security extension is part of the Project Collection Administrators group. To view the Project Collection Administrators group, go to Organization Settings > Permissions > Project Collection Administrators.