Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Provider Logo

DevSecOps: Building a Secure Continuous Delivery Pipeline

via LinkedIn Learning

Overview

Explore best practices and tools that can help you implement security across the entirety of the continuous integration and continuous delivery (CI/CD) pipeline.

Over the past several years, information security has struggled to keep up with the fast-paced DevOps movement. DevSecOps—an extension of DevOps—aims to remedy this by embracing security as an essential part of DevOps culture. This course examines this fresh take on DevOps, providing an overview of the practices and tools that can help you implement security across the entirety of the continuous integration and continuous delivery (CI/CD) pipeline. As instructor James Wickett looks at CI/CD through the lens of security, he breaks up the pipeline into five distinct stages: develop, inherit, build, deploy, and operate. As he moves through each of these stages, he provides an overview of best practices and tools that can fit nicely into your DevSecOps toolchain approach.

Syllabus

Introduction
  • Securing your CI/CD pipeline
  • What you should know
1. The DevSecOps Toolchain
  • Traditional InfoSec is in crisis
  • Introducing DevSecOps
  • The continuous delivery pipeline
  • Goals for a DevSecOps toolchain approach
2. Development Tools
  • Secure development practices
  • Static code analysis
  • Tool: Keeping secrets with git-secrets
  • Tool: Rapid Risk Assessment
3. Inherit Tools
  • What's in your app?
  • OWASP Dependency Check in practice
  • JavaScript security with Retire.js: Installation
  • JavaScript security with Retire.js: Testing
  • Options for software composition analysis
4. Build Tools
  • Security testing in the build stage
  • AppSec scanning with DAST tools
  • Gauntlt in practice
5. Deploy Tools
  • Security in the deploy phase
  • Rundeck for deployments
  • Tricks for making compliance happy
6. Operation Tools
  • Keeping security in operate
  • Modern application security
  • Signal Sciences in practice
  • Cloud security monitoring
Conclusion
  • Next steps

Taught by

James Wickett

Related Courses

Reviews

0.0 rating, based on 0 reviews

Start your review of DevSecOps: Building a Secure Continuous Delivery Pipeline

Never stop learning Never Stop Learning!

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free