YoVDO

DevSecOps: Building a Secure Continuous Delivery Pipeline

Offered By: LinkedIn Learning

Tags

DevSecOps Courses Risk Assessment Courses Continuous Integration Courses Static Code Analysis Courses Secret Management Courses

Course Description

Overview

Explore best practices and tools that can help you implement security across the entirety of the continuous integration and continuous delivery (CI/CD) pipeline.

Syllabus

Introduction
  • Securing your CI/CD pipeline
  • What you should know
1. The DevSecOps Toolchain
  • Traditional InfoSec is in crisis
  • Introducing DevSecOps
  • The continuous delivery pipeline
  • Goals for a DevSecOps toolchain approach
2. Development Tools
  • Secure development practices
  • Static code analysis
  • Tool: Keeping secrets with git-secrets
  • Tool: Rapid Risk Assessment
3. Inherit Tools
  • What's in your app?
  • OWASP Dependency Check in practice
  • JavaScript security with Retire.js: Installation
  • JavaScript security with Retire.js: Testing
  • Options for software composition analysis
4. Build Tools
  • Security testing in the build stage
  • AppSec scanning with DAST tools
  • Gauntlt in practice
5. Deploy Tools
  • Security in the deploy phase
  • Rundeck for deployments
  • Tricks for making compliance happy
6. Operation Tools
  • Keeping security in operate
  • Modern application security
  • Signal Sciences in practice
  • Cloud security monitoring
Conclusion
  • Next steps

Taught by

James Wickett

Related Courses

Secure Android App Development
University of Southampton via FutureLearn
Microsoft DevOps Solutions: Developing Security and Compliance
Pluralsight
Using Security Analysis Tools to Protect ASP.NET and ASP.NET Core Applications
Pluralsight
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight
Maintaining Code Quality with TeamCity
Pluralsight