DevSecOps: Building a Secure Continuous Delivery Pipeline

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 1h 12m | 151 MB

Over the past several years, information security has struggled to keep up with the fast-paced DevOps movement. DevSecOps—an extension of DevOps—aims to remedy this by embracing security as an essential part of DevOps culture. This course examines this fresh take on DevOps, providing an overview of the practices and tools that can help you implement security across the entirety of the continuous integration and continuous delivery (CI/CD) pipeline. As instructor James Wickett looks at CI/CD through the lens of security, he breaks up the pipeline into five distinct stages: develop, inherit, build, deploy, and operate. As he moves through each of these stages, he provides an overview of best practices and tools that can fit nicely into your DevSecOps toolchain approach.

Topics include:

  • Goals for a DevSecOps toolchain approach
  • Development, inherit, build, deploy, and operation tools
  • Keeping secrets with git-secrets
  • Using OWASP Dependency Check
  • Testing for dependency issues using Retire.js
  • Options for software composition analysis
  • Key security concerns for the deploy phase
  • Tricks for making compliance happy
  • Cloud configuration monitoring

Table of Contents

1 Securing your CI/CD pipeline
2 What you should know
3 Traditional InfoSec is in crisis
4 Introducing DevSecOps
5 The continuous delivery pipeline
6 Goals for a DevSecOps toolchain approach
7 Secure development practices
8 Static code analysis
9 Tool: Keeping secrets with git-secrets
10 Tool: Rapid Risk Assessment
11 What’s in your app
12 OWASP Dependency Check in practice
13 JavaScript security with Retire.js: Installation
14 JavaScript security with Retire.js: Testing
15 Options for software composition analysis
16 Security testing in the build stage
17 AppSec scanning with DAST tools
18 Gauntlt in practice
19 Security in the deploy phase
20 Rundeck for deployments
21 Tricks for making compliance happy
22 Keeping security in operate
23 Modern application security
24 Signal Sciences in practice
25 Cloud security monitoring
26 Next steps