Devsecops Using Github Actions: Secure Cicd With Github
Devsecops Using Github Actions: Secure Cicd With Github
Last updated 1/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 1.14 GB | Duration: 2h 51m
Last updated 1/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 1.14 GB | Duration: 2h 51m
Build Secure CI/CD Pipelines with GitHub Actions and integrate SAST, DAST, SCA security tools in the Pipeline
What you'll learn
Understand basics of DevSecOps and learn about various tools used in DevSecOps
Learn basics of GitHub Actions and write yaml files in GitHub Actions
Integrate security tools in GitHub Actions Pipeline and execute SAST/DAST/SCA scans
Implement robustness in GitHub Actions
End to End Case study on Java Project where we implement DevSecOps Pipeline with GitHub Actions
Learn using a Git repository from Git bash
Learn CI/CD pipeline creation
Learn various tools used for DevSecOps
Learn SonarCloud
Learn Snyk
Learn OWASP ZAP
Learn Yaml
Learn to create DevSecOps Engineer CV
Learn to implement DevSecOps for NodeJS application
Learn to implement DevSecOps for .Net application
Requirements
No Programming knowledge required
Anyone with Basic computer knowledge can take this course
Description
Course Updates:v 7.0 - January 2023Added C# Assignment for DevSecOps pipeline along with Solution using GitHub Actions and some common errors and their solutionsv 6.0 - October 2022Updated course with French and German Subtitlesv 5.0 - July 2022Updated course with NodeJS Case Study to implement an End to End DevSecOps Pipeline for a NodeJS Project using GitHub Actions in Section 5v 4.0 - June 2022Updated course with Notes on Populating Code Coverage on SonarCloud or SonarQube Dashboard in Section 3Updated course with Notes on GIT Commands in Section 3Updated course with newer videos to create account with SonarCloud and SnykUpdated course videos contentv 3.0 - May 2022Updated course with Report Walkthrough of SAST, SCA and DAST tools integrated in End to End DevSecOps Pipeline with GitHub Actionsv 2.0 - May 2022Updated course with videos on End To End DevSecOps Pipeline with GitHub ActionsAdded new questions to Quizzesv 1.0 - April 2022Updated course with newer videos on GitHub Actions BasicsAdded Quizzes to the course––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––Who shall take this course?This DevSecOps course is designed for Security Engineers, DevOps Engineers, SRE, QA Professionals and Freshers looking to find a job in the field of security. This is a focused DevSecOps course with a special focus on integrating SAST/DAST/SCA tools in Build pipeline. Hands On Experience:1) End to End Case study on Java Project where we implement DevSecOps Pipeline with GitHub Actions (Must Learn)2) Learn and implement security in DevOps pipeline, get Hands On experience in using Security tools & technologies using GitHub Actions This course is for:DevelopersDevOpsSecurity EngineersAspiring professional in the Security domainQuality Assurance EngineersInfoSec/AppSec Professional DevSecOps being the hot skill, will help you to secure a high-salaried job and stay informed on the latest market trends. ––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––Why purchase this course?This is only practical hands-on course available on the internet till now.DevSecOps enables rapid application development with agility, at the same time it secures your application with automated security checks integrated within the pipeline. It helps to increase productivity and security by integrating security stages in the pipeline.Also, we have included practical examples to implement security in the DevOps pipeline through various tools.By the end of the course, you will be able to successfully implement DevOps or DevSecOps pipeline and lead initiatives to create, build and maintain security pipelines in your project.––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––Things to consider before taking this course:1) Create a GitHub accountDisclaimer: French, German, Spanish and English subtitles are auto-generated so please ignore any grammar mistakes
Overview
Section 1: Introduction
Lecture 1 Introduction and Course Agenda
Lecture 2 About the course
Section 2: Deep dive into DevSecOps
Lecture 3 Basic Security Terms - If new to security field
Lecture 4 What is DevSecOps?
Lecture 5 Tools used for DevSecOps Implementation in the market
Section 3: Hands On - Integrating Security in DevSecOps Pipeline
Lecture 6 Basics of GitHub Actions - Part 1
Lecture 7 Basics of GitHub Actions - Part 2
Lecture 8 Hands On Prerequisite: Install Visual Studio Code as an Editor on Windows
Lecture 9 Hands On Prerequisite: Install Git Bash on Windows
Lecture 10 Notes on Git Commands
Lecture 11 Hands On Prerequisite: Connect Git Bash with GitHub Account(2 Methods Explained)
Lecture 12 Hands On: Create a simple GitHub Actions yaml file - Part 1
Lecture 13 Hands On: Create a simple GitHub Actions yaml file - Part 2
Lecture 14 Hands On: Create a simple GitHub Actions yaml file - Part 3
Lecture 15 What is Snyk and its benefits?
Lecture 16 Create Snyk Account for running SCA scan
Lecture 17 Hands On: Integrate Snyk in GitHub Actions (SCA scan)
Lecture 18 What is OWASP ZAP and its benefits?
Lecture 19 Hands On: Integrate OWASP ZAP in GitHub Actions (DAST scan)
Lecture 20 What is SonarCloud and its benefits?
Lecture 21 Create a SonarCloud Account for running Sonar Analysis on Source Code(SAST scan)
Lecture 22 Hands On: (Very Important) Integrate SonarCloud in GitHub Actions (SAST scan)
Lecture 23 Very Important: Notes on Populating Code Coverage on SonarCloud or SonarQube
Section 4: Java Case Study: Creating DevSecOps End to End Pipeline for a Java Project
Lecture 24 Case Study: Understanding Project Requirements before workflow implementation
Lecture 25 Case Study Hands On: Pre-requisites for running End to End DevSecOps Pipeline
Lecture 26 Case Study Hands On: Workflow file creation and DevSecOps Pipeline execution
Lecture 27 Case Study Hands On: Review DevSecOps Pipeline Results - SonarCloud (SAST scan)
Lecture 28 Case Study Hands On: Review DevSecOps Pipeline Results - Snyk (SCA scan)
Lecture 29 Case Study Hands On: Review DevSecOps Pipeline Results - OWASP ZAP (DAST scan)
Lecture 30 Case Study Hands On: Modifying Workflow file to create Sequential Pipeline
Section 5: NodeJs Case Study: Creating End to End DevSecOps Pipeline for NodeJs Project
Lecture 31 NodeJS Case Study: Understand Project Requirement before workflow implementation
Lecture 32 Hands On: Understand Workflow file created for NodeJs DevSecOps Pipeline
Lecture 33 Hands On: Running NodeJs End to End DevSecOps Pipeline using GitHub Actions
Section 6: Assignment: Build and run DotNet/C# End to End DevSecOps Pipeline
Lecture 34 Assignment to create End to End DevSecOps Repo for .NET/C# Project
Lecture 35 Some Common Errors and their solutions
Section 7: Report Security issues found during SAST, SCA & DAST scans in JIRA
Lecture 36 Hands On: Create JIRA account with Atlassian with custom JIRA site
Lecture 37 Hands On: Report SAST security issues in JIRA identified by SonarCloud
Lecture 38 Hands On: Report SCA security issues in JIRA identified by Snyk
Lecture 39 Hands On: Report DAST security issues in JIRA identified by OWASP ZAP
Section 8: Next Steps and Bonus section
Lecture 40 Optional: Application Security As a Career
Lecture 41 Sample DevSecOps Engineer CV
Lecture 42 Bonus Lecture
Beginner security engineer,Quality assurance engineers,DevOps/DevSecOps Engineers,Automation Engineers