DevSecOps CI/CD Pipeline

Course Description

When a developer writes code, the only way to ensure that the code works as it’s supposed to is to test it. But testing is time-consuming, so sometimes it just doesn’t happen the way it needs to (you know who you are :). Without proper testing, bad code can cause seriously expensive production-down issues. This class teaches how to automate code building, testing and deploying so your developers can focus on updating and creating new applications without worrying if they’ve broken something along the way.

While your developer is working on their DevOps Pipeline, hackers are continually trying to disrupt your business.  We teach your developers and operations engineers how to build DevSecOps and Security Scanning directly into the DevOps Pipeline.  This process (known as Shift Left) catches known vulnerabilities before they can disrupt your business or your development process.

Then we teach your teams how to detect vulnerabilities once your application is up and running in production.  If a hacker breaks into your infrastructure and even into your applications, we’ll show you how to continually monitor your apps for hacker-driven mutations so you can protect your business and your customers around the clock.

This course teaches exactly how to implement DevOps CI/CD & DevSecOps throughout the entire application creation and deployment process, catching known vulnerabilities during development (SAST) and while the application is actively running (DAST).  Students will learn how to create and use an end-to-end CI/CD pipeline to build, lint, test and deploy vulnerability-free, secure and approved code, at every stage of the Software Development Lifecycle.

No prior DevOps knowledge is required.

Choose the exact tool chain you want below and generate a course outline, or choose the ‘generic’ options for a tool-neutral outline:

Generic Coding Languages
JavaScript
Python
Go
Java
C++
Ruby
TypeScript

Course Agenda 

  • Git source and version control management. This course will teach you the fundamentals of using git so you can effectively share, collaborate, backup and version any code.  We’ll scan all code as it is pushed to Git for known vulnerabilities.
  • SAST (Static Application Security Testing). You will learn about OWASP (Open Web Application Security Project) and the top known vulnerabilities from which you need to protect your applications, as well as exactly how to do this. You’ll integrate SAST into your DevOps Pipeline, including how to stop a pipeline build when a vulnerability is discovered, and you’ll learn how to manage false positives. Third-party libraries are code developers get from other places. We’ll scan that code as well.
  • Configuration management. We’ll teach you how to configure and spin up servers (web, database, load balancer, or any application servers), using a configuration management tool and code stored in git.
  • Testing and continuous integration / continuous deployment. Learn to integrate git and configuration management with a CI/CD tool to build, test, and deploy code into test, staging, and production environments, creating an automated end-to-end DevOps pipeline. We’ll use CI/CD to drive security scanning so every push of code verifies a vulnerability-free application.
  • DAST (Dynamic Application Security Testing). No matter how hard you work to protect your code, someone could potentially break into your running application in Production. We’ll show you how to continually and dynamically scan running applications to make sure you are safe from the beginning of the code development process to the final customer experience.