DevSecOps using GitHub Actions Secure CICD with GitHub
What you’ll learn
Understand basics of DevSecOps and learn about various tools used in DevSecOps
Learn basics of GitHub Actions and write yaml files in GitHub Actions
Integrate security tools in GitHub Actions Pipeline and execute SAST/DAST/SCA scans
Implement robustness in GitHub Actions
End to End Case study on Java Project where we implement DevSecOps Pipeline with GitHub Actions
Learn using a Git repository from Git bash
Learn CI/CD pipeline creation
Learn various tools used for DevSecOps
Learn SonarCloud
Learn Snyk
Learn OWASP ZAP
Learn Yaml
Learn to create DevSecOps Engineer CV
Learn to implement DevSecOps for NodeJS application
Learn to implement DevSecOps for .Net application
Requirements
No Programming knowledge required
Anyone with Basic computer knowledge can take this course
Description
Course Updates:v 8.0 – April 2023Updated course with Indonesian and Chinese Subtitlesv 7.0 – January 2023Added C# Assignment for DevSecOps pipeline along with Solution using GitHub Actions and some common errors and their solutionsv 6.0 – October 2022Updated course with French and German Subtitlesv 5.0 – July 2022Updated course with NodeJS Case Study to implement an End to End DevSecOps Pipeline for a NodeJS Project using GitHub Actions in Section 5v 4.0 – June 2022Updated course with Notes on Populating Code Coverage on SonarCloud or SonarQube Dashboard in Section 3Updated course with Notes on GIT Commands in Section 3Updated course with newer videos to create account with SonarCloud and SnykUpdated course videos contentv 3.0 – May 2022Updated course with Report Walkthrough of SAST, SCA and DAST tools integrated in End to End DevSecOps Pipeline with GitHub Actionsv 2.0 – May 2022Updated course with videos on End To End DevSecOps Pipeline with GitHub ActionsAdded new questions to Quizzesv 1.0 – April 2022Updated course with newer videos on GitHub Actions BasicsAdded Quizzes to the course————————————————————————————————————————————Who shall take this course?This DevSecOps course is designed for Security Engineers, DevOps Engineers, SRE, QA Professionals and Freshers looking to find a job in the field of security. This is a focused DevSecOps course with a special focus on integrating SAST/DAST/SCA tools in Build pipeline. Hands On Experience:1) End to End Case study on Java Project where we implement DevSecOps Pipeline with GitHub Actions (Must Learn)2) Learn and implement security in DevOps pipeline, get Hands On experience in using Security tools & technologies using GitHub Actions This course is for:DevelopersDevOpsSecurity EngineersAspiring professional in the Security domainQuality Assurance EngineersInfoSec/AppSec Professional DevSecOps being the hot skill, will help you to secure a high-salaried job and stay informed on the latest market trends. ————————————————————————————————————————————Why purchase this course?This is only practical hands-on course available on the internet till now.DevSecOps enables rapid application development with agility, at the same time it secures your application with automated security checks integrated within the pipeline. It helps to increase productivity and security by integrating security stages in the pipeline.Also, we have included practical examples to implement security in the DevOps pipeline through various tools.By the end of the course, you will be able to successfully implement DevOps or DevSecOps pipeline and lead initiatives to create, build and maintain security pipelines in your project.————————————————————————————————————————————Things to consider before taking this course:1) Create a GitHub accountDisclaimer: Indonesian, Chinese, French, German, Spanish and English subtitles are generate via Caption Generator tool so please ignore any grammar/interpretation mistakes
Overview
Section 1: Introduction
Lecture 1 Introduction and Course Agenda
Lecture 2 About the course
Section 2: Deep dive into DevSecOps
Lecture 3 Basic Security Terms – If new to security field
Lecture 4 What is DevSecOps?
Lecture 5 Tools used for DevSecOps Implementation in the market
Section 3: Hands On – Integrating Security in DevSecOps Pipeline
Lecture 6 Basics of GitHub Actions – Part 1
Lecture 7 Basics of GitHub Actions – Part 2
Lecture 8 Hands On Prerequisite: Install Visual Studio Code as an Editor on Windows
Lecture 9 Hands On Prerequisite: Install Git Bash on Windows
Lecture 10 Notes on Git Commands
Lecture 11 Hands On Prerequisite: Connect Git Bash with GitHub Account(2 Methods Explained)
Lecture 12 Hands On: Create a simple GitHub Actions yaml file – Part 1
Lecture 13 Hands On: Create a simple GitHub Actions yaml file – Part 2
Lecture 14 Hands On: Create a simple GitHub Actions yaml file – Part 3
Lecture 15 What is Snyk and its benefits?
Lecture 16 Create Snyk Account for running SCA scan
Lecture 17 Hands On: Integrate Snyk in GitHub Actions (SCA scan)
Lecture 18 What is OWASP ZAP and its benefits?
Lecture 19 Note: Check Lecture 21 if you face any issue in lecture 20
Lecture 20 Hands On: Integrate OWASP ZAP in GitHub Actions (DAST scan)
Lecture 21 Very Important: Debug Issues with OWASP ZAP scan
Lecture 22 What is SonarCloud and its benefits?
Lecture 23 Create a SonarCloud Account for running Sonar Analysis on Source Code(SAST scan)
Lecture 24 Hands On: (Very Important) Integrate SonarCloud in GitHub Actions (SAST scan)
Lecture 25 Very Important: Notes on Populating Code Coverage on SonarCloud or SonarQube
Section 4: Java Case Study: Creating DevSecOps End to End Pipeline for a Java Project
Lecture 26 Case Study: Understanding Project Requirements before workflow implementation
Lecture 27 Case Study Hands On: Pre-requisites for running End to End DevSecOps Pipeline
Lecture 28 Case Study Hands On: Workflow file creation and DevSecOps Pipeline execution
Lecture 29 Case Study Hands On: Review DevSecOps Pipeline Results – SonarCloud (SAST scan)
Lecture 30 Case Study Hands On: Review DevSecOps Pipeline Results – Snyk (SCA scan)
Lecture 31 Case Study Hands On: Review DevSecOps Pipeline Results – OWASP ZAP (DAST scan)
Lecture 32 Case Study Hands On: Modifying Workflow file to create Sequential Pipeline
Lecture 33 Debug issues in DevSecOps pipeline
Section 5: NodeJs Case Study: Creating End to End DevSecOps Pipeline for NodeJs Project
Lecture 34 NodeJS Case Study: Understand Project Requirement before workflow implementation
Lecture 35 Hands On: Understand Workflow file created for NodeJs DevSecOps Pipeline
Lecture 36 Hands On: Running NodeJs End to End DevSecOps Pipeline using GitHub Actions
Section 6: Assignment: Build and run DotNet/C# End to End DevSecOps Pipeline
Lecture 37 Assignment to create End to End DevSecOps Repo for .NET/C# Project
Lecture 38 Some Common Errors and their solutions
Section 7: Report Security issues found during SAST, SCA & DAST scans in JIRA
Lecture 39 Hands On: Create JIRA account with Atlassian with custom JIRA site
Lecture 40 Hands On: Report SAST security issues in JIRA identified by SonarCloud
Lecture 41 Hands On: Report SCA security issues in JIRA identified by Snyk
Lecture 42 Hands On: Report DAST security issues in JIRA identified by OWASP ZAP
Lecture 43 Hands On: Integrate JIRA with SonarCloud to create tickets with one-click
Section 8: Next Steps and Bonus section
Lecture 44 Optional: Application Security As a Career
Lecture 45 Sample DevSecOps Engineer CV
Lecture 46 Bonus Lecture
Beginner security engineer,Quality assurance engineers,DevOps/DevSecOps Engineers,Automation Engineers
Course Information:
Udemy | English | 3h 6m | 1.32 GB
Created by: Raghu The Security Expert !!
You Can See More Courses in the IT & Software >> Greetings from CourseDown.com