Over the past several years, information security has struggled to keep up with the fast-paced DevOps movement. DevSecOps—an extension of DevOps—aims to remedy this by embracing security as an essential part of DevOps culture. This course examines this fresh take on DevOps, providing an overview of the practices and tools that can help you implement security across the entirety of the continuous integration and continuous delivery (CI/CD) pipeline. As instructor James Wickett looks at CI/CD through the lens of security, he breaks up the pipeline into five distinct stages: develop, inherit, build, deploy, and operate. As he moves through each of these stages, he provides an overview of best practices and tools that can fit nicely into your DevSecOps toolchain approach.
Topics include:
Goals for a DevSecOps toolchain approach
Development, inherit, build, deploy, and operation tools
Keeping secrets with git-secrets
Using OWASP Dependency Check
Testing for dependency issues using Retire.js
Options for software composition analysis
Key security concerns for the deploy phase
Tricks for making compliance happy
Cloud configuration monitoring