YoVDO

DevSecOps: Building a Secure Continuous Delivery Pipeline

Offered By: LinkedIn Learning

Tags

DevSecOps Courses Risk Assessment Courses Continuous Integration Courses Static Code Analysis Courses Secret Management Courses

Course Description

Overview

Explore best practices and tools that can help you implement security across the entirety of the continuous integration and continuous delivery (CI/CD) pipeline.

Syllabus

Introduction
  • Securing your CI/CD pipeline
  • What you should know
1. The DevSecOps Toolchain
  • Traditional InfoSec is in crisis
  • Introducing DevSecOps
  • The continuous delivery pipeline
  • Goals for a DevSecOps toolchain approach
2. Development Tools
  • Secure development practices
  • Static code analysis
  • Tool: Keeping secrets with git-secrets
  • Tool: Rapid Risk Assessment
3. Inherit Tools
  • What's in your app?
  • OWASP Dependency Check in practice
  • JavaScript security with Retire.js: Installation
  • JavaScript security with Retire.js: Testing
  • Options for software composition analysis
4. Build Tools
  • Security testing in the build stage
  • AppSec scanning with DAST tools
  • Gauntlt in practice
5. Deploy Tools
  • Security in the deploy phase
  • Rundeck for deployments
  • Tricks for making compliance happy
6. Operation Tools
  • Keeping security in operate
  • Modern application security
  • Signal Sciences in practice
  • Cloud security monitoring
Conclusion
  • Next steps

Taught by

James Wickett

Related Courses

Web Engineering III: Quality Assurance
Technische Hochschule Mittelhessen via iversity
Introduction to Cloud Infrastructure Technologies
Linux Foundation via edX
DevOps for Developers: How to Get Started
Microsoft via edX
Accelerate Software Delivery using DevOps
Microsoft via edX
Building R Packages
Johns Hopkins University via Coursera