Overview
-
Explore best practices and tools that can help you implement security across the entirety of the continuous integration and continuous delivery (CI/CD) pipeline.
Syllabus
-
Introduction
- Securing your CI/CD pipeline
- What you should know
- Traditional InfoSec is in crisis
- Introducing DevSecOps
- The continuous delivery pipeline
- Goals for a DevSecOps toolchain approach
- Secure development practices
- Static code analysis
- Tool: Keeping secrets with git-secrets
- Tool: Rapid Risk Assessment
- What's in your app?
- OWASP Dependency Check in practice
- JavaScript security with Retire.js: Installation
- JavaScript security with Retire.js: Testing
- Options for software composition analysis
- Security testing in the build stage
- AppSec scanning with DAST tools
- Gauntlt in practice
- Security in the deploy phase
- Rundeck for deployments
- Tricks for making compliance happy
- Keeping security in operate
- Modern application security
- Signal Sciences in practice
- Cloud security monitoring
- Next steps
