Security breaches continue to rise as software and technology infrastructure attacks become more commonplace. It is more important than ever that security considerations be taken into account when developing software. And with 88% of software professionals reporting in the 2021 Open Source Jobs Report that they use DevOps practices in their work, it is essential that teams take an integrated approach that combines DevOps and security.
DevSecOps practices are an extension to standard DevOps practices, focusing on automating security and incorporating it as part of the process, which includes Continuous Delivery, Infrastructure-as-Code (IaC), and observability. Use of DevSecOps not only results in delivering safer code faster, but also facilitates early feedback to developers, helping them build more reliable software.
To help address this growing issue, The Linux Foundation and Continuous Delivery Foundation have partnered to create the “Implementing DevSecOps” online training course, which explores implementing DevSecOps practices into the software delivery pipeline using open source software. The course is designed for software developers, site reliability engineers, and DevOps practitioners looking to speed up delivery of more secure code.
This course begins by laying the foundation of DevSecOps, explaining the principles, practices, cultural aspects and tooling landscape. It then explores incorporating various practices into the Continuous Delivery pipeline including how to:
- Perform Software Composition Analysis (SCA) and add it to the Continuous Integration pipeline
- Perform static code analysis and project gating using SAST tools, scan container images for vulnerabilities
- Perform Dynamic Application Software Testing (DAST) on a live environment
- Set up a centralized vulnerability management system to provide visibility and alerting, set up
- Build a cloud native DevSecOps pipeline
- Use IaC effectively to enforce compliance, collect logs, analyze events to provide detection and monitoring of security issues
- Address cloud and container related risks
Upon completion, participants will be prepared with real-life professional skills to implement DevSecOps practices into software development and delivery processes.
The course is available standalone, or as part of our DevOps Bootcamp program, which provides a structured way to gain the knowledge and skills to utilize DevOps principles and practices – including DevSecOps and GitOps – in a variety of technology roles in as little as 6 months.