LFS262 - DevSecOps Mastery
Learn to incorporate DevSecOps practices into the software delivery pipeline for cloud native applications deployed with Kubernetes using open source software.
While DevOps brings operations up to speed with development, resulting in a rapid pace of software delivery, especially for cloud native container-based applications, conventional security and compliance have not been able to keep up with this pace. The result is either slower deployments or circumvented security measures that let vulnerable code go through.
DevSecOps practices are an extension of existing DevOps practices that focus on automating security and incorporating it as part of the process, including Continuous Delivery, Infrastructure as Code and Observability. This not only delivers safer code faster, but also facilitates early feedback to developers, helping them build more reliable software.
This course begins by laying the foundation of DevSecOps, by explaining principles, practices, cultural aspects and the tools landscape and then goes on to show how to incorporate various practices into the continuous delivery pipeline. In order to make adoption of DevSecOps practices frictionless, this course focuses on usage of mostly open source software, at the same time providing enough flexibility to plug in a commercial alternative to match the implementation environment.
Course Learning Outcomes
By the end of this course, you should be able to:
- Learn the need for DevSecOps and its key principles, practices and tools involved.
- Learn how to extend the existing DevOps pipeline to incorporate Security Practices.
- Understand how to perform Software Composition Analysis (SCA) and add it to the CI Pipeline.
- Perform Static Code Analysis using SAST tools.
- Implement security best practices while writing Dockerfiles to build images.
- Scan container images for vulnerabilities and set up an automated process for it.
- Perform Dynamic Application Security Testing (DAST) on a live environment.
- Set up a centralised Vulnerability Management System to provide visibility and alerting.
- Use Infrastructure as Code effectively to enforce compliance. Also understand Compliance as Code and how to set up automated scans with InSpec and DevSec Hardening Framework.
- Learn about Kubernetes and container runtime security aspects.
- Understand how to provide secrets to applications running in a Kubernetes environment securely.
- Set up runtime security monitoring.
- Build a Cloud Native DevSecOps Pipeline.
- Software Developers who would like to understand their role in secure application delivery and also learn how to ensure application code they are writing as well as components they are using can be made more secure.
- Site Reliability Engineers/DevOps Practitioners as well as Security Professionals who are in charge of implementing DevOps and Security Practices and want to understand the key practices and technologies involved in DevSecOps so that they can extend existing DevOps pipelines to enhance security.
- Anyone who is part of designing, developing or delivering a modern, cloud native application running on Kubernetes and wants to understand DevSecOps practices.
- Understanding of CI/CD Pipelines and Practices.
- Knowledge of building CI pipelines with Jenkins along with ability to read and write declarative Jenkinsfiles.
- Know-how of running containers as well as building images with Docker (or similar container runtime).
- Working knowledge of Kubernetes including ability to write YAML manifests, create and manage pods, deployments, services etc.
- Working knowledge of using Helm (version 3) to install packages on Kubernetes.
- Knowledge of writing Infrastructure as Code (for Operations Professionals only).
- Knowledge of operating Linux Systems using the Command Line Interface (CLI).
- Working knowledge of Git.
- Windows/Mac/Linux Workstation (Any OS)
- Internet Access
- SSH Client
- Web Browser
- Cloud Account e.g. Google Cloud / AWS
Hi, this is Gourav. Being passionate about Linux and open source, I built a good foundation for my professional career while I was still at Engineering School. I started my career as an ops guy, being a systems admin and later as an operations engineer. I then went on to transform my career to be a DevOps Consultant, Corporate Trainer, DevOps Coach and a Public Speaker. I have helped more than 10k tech professionals from top companies of the world to transform their careers to be DevOps ready. I am a published author with one book and more than 18 courses published on many platforms including Udemy, Packt, Skillshare, O'Reilly's Safari Books Online and this site. I have more than 60k students online. I have been recently featured on edX with my course on DevOps and SRE, published by Linux Foundation, the world leaders in open source. You could check his biography here
Introduction to DevSecOps (2:57)
Path that led to DevSecOps
What is DevSecOps?
How to DevSecOps
Understanding Modern Application
Application Security Risks
Layers of Onions Approach to Security
DevSecOps Pipeline and Key Practices
Selecting the Right Tools
Chapter Intro (7:38)
Launching a Kubernetes Cluster with GKE (5:22)
Setting up Firewall Rules (2:42)
Launching a Linux Development Environment (10:31)
Configuring Google Cloud SDK and Kubectl (8:21)
Install Helm Package Manager (3:29)
Lab Guide - Setting up Learning Env