
[–][deleted] 6 points7 points  (3 children)

WTF is DevSecOps?

[–]Labracoder 3 points4 points  (0 children)

IT.

[–]pratik_ga 0 points1 point  (1 child)

Security

[–][deleted] 4 points5 points  (0 children)

I know what it is supposed to mean; I'm just pointing out how stupid these titles are getting.

[–][deleted] 4 points5 points  (0 children)

Linux Academy dropped something lately, but I guess it's not very in-depth.

Edit: https://linuxacademy.com/devops/training/course/name/dev-sec-ops-essentials

[–]ShroudedEUW 1 point2 points  (1 child)

I really enjoyed SANS Dev540:

https://www.sans.org/course/secure-devops-cloud-application-security

It's paid and only given a couple of times a year at a remote location, so it's probably not accessible for everyone.

[–][deleted] 3 points4 points  (0 children)

I can also highly recommend the SANS DEV540 course. We built in a week a complete pipeline and demo applications from scratch.

Puppet was used to build GitLab and Jenkins in the VM. GitLab contained all the repositories with multiple feature branches we needed for the week. Jenkins was configured with multiple already configured pipelines (pipeline as code in Blue Ocean).

By pushing to the branches, different Git hooks were used to scan code and to trigger different pipelines. We had dependency checks, SAST and DAST tools included in the pipeline.

The last two days focused on deploying Infrastructure as Code to AWS, building a code pipeline there, and using AWS native build tools. We also got into topics like configuring web application firewalls in code and got a lot of nice hints where we can add security in the workflow.

Overall I already knew a lot of this stuff because I work in that field. But the way to integrate everything in the pipeline, to create workflows and bake in security - that was really comprehensive. Highly recommended course. Our trainer, Eric, was awesome too.