SFD262 – DevSecOps Bootcamp
Categories: AdvDevOps, Kubernetes
What Will You Learn?
- Core DevSecOps principles and the secure software delivery lifecycle
- How to build a CI/CD pipeline with Jenkins on Kubernetes
- Software Composition Analysis (SCA) using OWASP Dependency-Check, Pyraider, and Dependency-Track
- Static and Dynamic Application Security Testing (SAST & DAST) using slscan and OWASP ZAP
- Securing container images using Trivy, Dockle, and multi-stage Dockerfiles
- Enforcing compliance as code using InSpec and Ansible
- Secrets management using HashiCorp Vault and Kubernetes RBAC
- Runtime security monitoring using Falco with automated response pipelines
- Secure deployment workflows with GitOps using ArgoCD and Kubernetes
Course Content
Course Intro
-
Welcome Message
02:07
INTRODUCTION TO DEVSECOPS
-
Chapter Intro
01:16 -
Learning Objectives
-
Why care about DevSecOps
-
Path that led to DevSecOps
-
What is DevSecOps ?
-
How to DevSecOps
-
Understanding Modern Application
-
Application Security Risks
-
Layers of Onions Approach to Security
-
DevSecOps Practices and Delivery Pipeline
-
Selecting the Right Tools
-
Reading List/References
-
Summary
-
Knowledge Check (TODO) -**
Setting Up a Learning Environment
-
Chapter Intro
03:20 -
Launching a Kubernetes Cluster with GKE
05:23 -
Setting up Firewall Rules
02:43 -
Launching a Linux Development Environment
10:32 -
Configuring Google Cloud SDK and Kubectl
08:22 -
Install Helm Package Manager
03:30 -
Summary
-
Lab 3
Building a DevOps Pipeline
-
Chapter Intro and Learning Objectives
01:31 -
Installing Jenkins with Helm
07:38 -
Configuring Jenkins
03:50 -
Analyzing the Jenkinsfile Pipeline as a Code
06:58 -
Launching a Simple DevOps Pipeline
06:38 -
Building an Image with Docker
04:17 -
Why use Kaniko to build Container Images ?
04:41 -
Adding the Image Build and Publish Stage to the Pipeline
10:02 -
Summary
-
Lab 4
Securing the Supply Chain with SCA
-
Chapter Intro
01:27 -
Learning Objectives
-
What is Software Component Analysis
-
Using the Dependency Checker for SCA
04:13 -
Using Pyraider as a Python SCA
05:11 -
Adding the Software Composition Analysis (SCA) Stage to the Pipeline
04:51 -
Scanning Open Source Licenses
05:04 -
Setting up Dependency Tracker
05:32 -
Troubleshooting Kubernetes Resource Issues
08:00 -
Connecting Jenkins with Dependency Tracker
05:54 -
Adding SBOM Stage to the Pipeline
07:41 -
Cleaning up
05:38 -
Summary
-
Lab 6
Static Application Security Testing (SAST)
-
Chapter Intro
01:42 -
Learning Objectives
-
What is SAST
-
Using SCAN (slscan.io)
09:33 -
Adding the SAST Stage to the Pipeline
05:40 -
Configuring SCA to Fail
04:17 -
Fixing Dependency Issues
03:00 -
Updating the License Approval List
07:08 -
Summary
-
Lab 7
Auditing Container Images
-
Chapter Intro
01:30 -
Learning Objectives
-
Container Image Linting and Scanning
-
Linting Images with Dockle
05:53 -
Scanning Images for Vulnerabilities with Trivy
05:36 -
What Is a Multi-Stage Dockerfile?
05:12 -
Securing Images with a Multi-Stage Dockerfile
09:37 -
Running a Container as Non Root
05:37 -
Configuring Health Checks
05:56 -
Adding Image Analysis to the Pipeline
05:04 -
Summary
-
Lab 8
Secure Deployment and Dynamic Application Security Testing DAST
-
Chapter Intro
01:35 -
Learning Objectives
-
Secure Deployments with GitOps
-
Setting Up ArgoCD
06:03 -
Configuring the ArgoCD CLI
04:28 -
Kubernetes Deployment Objects
06:11 -
Generating Kubernetes YAML Manifests
05:44 -
Deploying to Kubernetes with ArgoCD
06:43 -
Secure Deployment Workflow – Argo + Jenkins
-
Authorizing Jenkins to Deploy Remotely with Argo
-
Adding an Automated Deploy Stage to the Jenkins Pipeline
07:21 -
DAST with OWASP ZAP
-
DAST Scan with ZAP
05:22 -
Summary
-
Lab 9
System Security Auditing with IaaC
-
Chapter Intro
01:50 -
Learning Objectives
-
Compliance as a Code and InSpec
-
Compliance Scanning with InSpec
09:36 -
Using the DevSec Hardening Framework
05:57 -
Configuring the SSH Pipeline Steps Plugin
09:48 -
Troubleshooting SSH in the Pipeline
05:20 -
Adding the Compliance Scan to the Pipeline
04:08 -
Installing and Configuring Ansible
05:04 -
Enforcing Compliance Remediation with Ansible
06:33 -
Modifying InSpec Controls
04:58 -
Running Daily SecOps Pipeline
06:56 -
Summary
-
Lab 10
Securing Kubernetes Deployments
-
Chapter Intro
02:32 -
Learning Objectives
-
Securing Kubernetes
-
Setting Up a Single Node Kubernetes Environment
07:35 -
Running CIS Benchmark Scans for Kubernetes
05:26 -
Hunting for Vulnerabilities with Kube Hunter
05:49 -
Scanning the Kubernetes Deployment Code with Kubesec
05:21 -
Defining Resource Constraints
03:05 -
Configuring the Security Context for a Pod
12:38 -
Mounting the Root Filesystem as Read-Only
06:14 -
System Calls and the SecComp Profile
-
Restricting Syscalls with Seccomp
08:32 -
Configuring RunAsUser and ServiceAccounts
09:10 -
Reading List/References
-
Summary
-
Lab 11
Secrets Management with Vault
-
Chapter Intro
01:10 -
Learning Objectives
-
Kubernetes Secrets Management with Vault
-
Installing Vault Using Helm
-
Adding Secrets to the Vault
04:39 -
Writing Policy and Kubernetes RBAC
05:54 -
Injecting a Secret into the Pod
05:23 -
Injecting a Secret into the Pod
09:26 -
Customizing Secrets using Templates
-
Rotating Secrets with Vault
-
Summary
-
Lab 12
Runtime Security Monitoring and Remediation
-
Chapter Intro
02:15 -
Learning Objectives
-
Runtime Analysis
-
How does Falco Work ?
-
Installing the Falco Runtime Security Engine
05:50 -
Detecting Runtime Anomalies
05:54 -
Adding Custom Application Rules
06:34 -
Building an Automated Response Engine
04:31 -
Deploying Argo Events and Workflow with Falco
09:10 -
Troubleshooting Falco on GKE
06:33 -
Examining Argo Workflow
05:10 -
Reading List/References
-
Response Engine in Action
06:08 -
Summary
-
Lab 13
Student Ratings & Reviews
No Review Yet
