Microsoft Cybersecurity Architect Expert SC-100
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
Your company relies on Azure Pipelines and Azure Repos for its continuous integration and continuous deployment (CI/CD) workflows, aiming to deploy applications to the Azure environment efficiently. To enhance your deployment process in accordance with DevSecOps control guidelines outlined in the Microsoft Cloud Adoption Framework for Azure, you are tasked with updating your procedures. Specifically, you need to propose a solution that mandates all code changes be submitted via pull requests before they are deployed through the CI/CD workflow. What should you include in your recommendation to achieve this requirement?
Explanation:
Branch policies in Azure Repos provide a way to enforce code review policies before a pull request can be completed and merged into a target branch. This ensures that all code changes are submitted through a pull request and reviewed by other members of the team before being deployed by the CI/CD workflow. Branch policies can be configured to require specific reviewers, require a minimum number of approvals, and block direct pushes to the target branch. This helps to ensure that code changes are thoroughly reviewed and meet the established standards before being merged into the target branch.