DevSecOps: Building a Secure Continuous Delivery Pipeline

DevSecOps: Building a Secure Continuous Delivery Pipeline
DevSecOps: Building a Secure Continuous Delivery Pipeline

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 1h 12m | 151 MB
eLearning | Skill level: Intermediate


Over the past several years, information security has struggled to keep up with the fast-paced DevOps movement. DevSecOps—an extension of DevOps—aims to remedy this by embracing security as an essential part of DevOps culture. This course examines this fresh take on DevOps, providing an overview of the practices and tools that can help you implement security across the entirety of the continuous integration and continuous delivery (CI/CD) pipeline. As instructor James Wickett looks at CI/CD through the lens of security, he breaks up the pipeline into five distinct stages: develop, inherit, build, deploy, and operate. As he moves through each of these stages, he provides an overview of best practices and tools that can fit nicely into your DevSecOps toolchain approach.

Topics include:

  • Goals for a DevSecOps toolchain approach
  • Development, inherit, build, deploy, and operation tools
  • Keeping secrets with git-secrets
  • Using OWASP Dependency Check
  • Testing for dependency issues using Retire.js
  • Options for software composition analysis
  • Key security concerns for the deploy phase
  • Tricks for making compliance happy
  • Cloud configuration monitoring
+ Table of Contents

1 Securing your CI CD pipeline
2 What you should know
3 Traditional InfoSec is in crisis
4 Introducing DevSecOps
5 The continuous delivery pipeline
6 Goals for a DevSecOps toolchain approach
7 Secure development practices
8 Static code analysis
9 Tool Keeping secrets with git-secrets
10 Tool Rapid Risk Assessment
11 What’s in your app
12 OWASP Dependency Check in practice
13 JavaScript security with Retire.js Installation
14 JavaScript security with Retire.js Testing
15 Options for software composition analysis
16 Security testing in the build stage
17 AppSec scanning with DAST tools
18 Gauntlt in practice
19 Security in the deploy phase
20 Rundeck for deployments
21 Tricks for making compliance happy
22 Keeping security in operate
23 Modern application security
24 Signal Sciences in practice
25 Cloud security monitoring
26 Next steps