Devops Engineer with IT Security

Session16: DevSecOps: Building a Secure Continuous Delivery Pipeline

Over the past several years, information security has struggled to keep up with the fast-paced DevOps movement. DevSecOps—an extension of DevOps—aims to remedy this by embracing security as an essential part of DevOps culture. This course examines this fresh take on DevOps, providing an overview of the practices and tools that can help you implement security across the entirety of the continuous integration and continuous delivery (CI/CD) pipeline. As instructor James Wickett looks at CI/CD through the lens of security, he breaks up the pipeline into five distinct stages: develop, inherit, build, deploy, and operate. As he moves through each of these stages, he provides an overview of best practices and tools that can fit nicely into your DevSecOps toolchain approach.

0 min.

Learning Objectives:

  • Goals for a DevSecOps toolchain approach
  • Development, inherit, build, deploy, and operation tools
  • Keeping secrets with git-secrets
  • Using OWASP Dependency Check
  • Testing for dependency issues using Retire.js
  • Options for software composition analysis
  • Key security concerns for the deploy phase
  • Tricks for making compliance happy
  • Cloud configuration monitoring
James Wickett

James Wickett

Session Instructor

Sr. Security Engineer and Dev Advocate at Verica & Author on DevOps and DevSecOps at LinkedIn Learning

James Wickett is the head of research at Signal Sciences and a supporter of rugged software and DevSecOps.

James is the creator and founder of the Lonestar Application Security Conference, which is the largest annual security conference in Austin, Texas. He also runs DevOpsDays Austin and previously served on the global DevOpsDays board. He also bears several security certifications, including CISSP and GWAPT.

Back to Course

Tanuj

Instructor

Tanuj Chugh, an adept and prominent trainer and speaker have been associated to education sector from many years and have an experience of more than 9 years of live industry projects based on latest technologies like Virtualization, Cloud Computing, AWS, Google Cloud, Azure, Linux & Windows Servers, Network & Security etc. Upholding the responsibilities of delivering in-house and online training to the corporate employees, clients and individuals.

Full Profile

Ready to get started?

Get in touch

Contact Us