I just came across the following process template for Visual Studio Team System that can include Security Development Lifecycle features into your VSTS project. It is a great template that really helps you integrate security concerns and checks into all of the stages of the development lifecycle and is based on the Microsoft’s internal experience. The template includes following functionalities:

  • SDL requirements as work items
  • SDL-based check-in policies
  • Customized security bugs and queries
  • Extensive SDL how-to and guidance documentation
  • Auditable Final Security Review report
  • Third-party tool integration, i.e. the SDL Threat Modeling Tool
  • Project plans and security risk assessment templates

The SDL process template is available for download here, for more information about the process you can check the SDL site www.microsoft.com/sdl.