Easy Learning with Ultimate DevSecOps Bootcamp by School of Devops
9h 37m
4.5

Language: English

Mastering DevSecOps: Build Secure Kubernetes CI/CD Pipelines

What you will learn:

  • Grasp the fundamental tenets of DevSecOps and their seamless integration into contemporary software delivery workflows.
  • Establish a robust, fully-equipped development environment leveraging Google Cloud Platform (GCP), Kubernetes Engine (GKE), and critical DevOps utility tools.
  • Construct a fortified Continuous Integration/Continuous Delivery (CI/CD) pipeline utilizing Jenkins, Helm, Docker, and Kubernetes for efficient and secure deployments.
  • Execute advanced Software Composition Analysis (SCA) with OWASP Dependency-Check, Pyraider, and Dependency-Track to proactively identify and manage third-party component vulnerabilities.
  • Incorporate Static Application Security Testing (SAST) using cutting-edge tools such as slscan directly into your CI/CD pipeline for early vulnerability detection.
  • Perform Dynamic Application Security Testing (DAST) with OWASP ZAP during deployment phases to pinpoint and address runtime vulnerabilities effectively.
  • Strengthen container images using Dockle, Trivy, and strategically designed multi-stage Dockerfiles to minimize potential attack vectors.
  • Implement secure management of sensitive credentials and enforce compliant secrets injection mechanisms using HashiCorp Vault integrated with Kubernetes.
  • Automate system-level compliance validation and infrastructure hardening utilizing InSpec and Ansible, adopting a 'Compliance-as-Code' methodology.
  • Fortify Kubernetes workloads by configuring security contexts, Pod Security Standards (or policies), resource constraints, and integrating runtime security scanning solutions like Falco.
  • Develop and deploy AI/ML and other containerized applications securely, employing modern GitOps principles and ArgoCD for declarative management.
  • Automate the detection and swift remediation of runtime anomalies using Falco in conjunction with Argo Workflows for proactive threat response.
  • Comprehend the significance of Software Bill of Materials (SBOM) and integrate automated SBOM generation within your secure CI/CD pipeline.
  • Engineer a comprehensive, end-to-end secure DevOps pipeline tailored for real-world applications, from initial code commit to production deployment, fortified with continuous security monitoring.

Description

In today's dynamic cloud-native landscape, are you deploying critical applications or AI/ML models on Kubernetes? For every DevOps Engineer, Platform Engineer, and AI/ML specialist, proactive security integration is paramount, not merely an optional add-on.

This intensive, hands-on DevSecOps training empowers you to architect and deploy highly secure, production-grade CI/CD pipelines. Discover how to seamlessly embed robust security measures throughout your entire Software Development Lifecycle (SDLC), guaranteeing applications are intrinsically secure from inception to operation. You will delve deep into core DevSecOps principles, understanding how to cultivate a secure software delivery lifecycle.

Our curriculum covers crucial aspects like building resilient CI/CD pipelines with Jenkins on Kubernetes, implementing advanced Software Composition Analysis (SCA) using OWASP Dependency-Check, Pyraider, and Dependency-Track to mitigate software supply chain risks. You'll gain expertise in Static Application Security Testing (SAST) with tools like slscan and Dynamic Application Security Testing (DAST) using OWASP ZAP for comprehensive vulnerability detection across your codebase and deployed applications.

Learn to harden container images with Trivy and Dockle, employing multi-stage Dockerfiles for reduced attack surfaces and enhanced security posture. We'll explore robust secrets management using HashiCorp Vault and Kubernetes RBAC, alongside enforcing compliance-as-code with InSpec and Ansible. Crucially, you'll master runtime security monitoring via Falco, complete with automated response pipelines, and secure deployment workflows through GitOps practices utilizing ArgoCD and Kubernetes.

The curriculum extensively features practical work with industry-standard tools including Jenkins, Helm, Kubernetes (GKE), ArgoCD, Trivy, Dockle, OWASP ZAP, slscan, Pyraider, HashiCorp Vault, InSpec, Ansible, Falco, Argo Workflows, Docker, Kubernetes RBAC, and Git/GitHub, ensuring you build a diverse and highly sought-after skillset ready for enterprise challenges.

This transformative learning experience is specifically designed for DevOps and Cloud Engineers aspiring to fortify their security expertise, AI/ML Engineers deploying intelligent models and services on Kubernetes, Platform Engineers managing complex microservices infrastructures at scale, Security Engineers eager to transition into proactive DevSecOps methodologies, and Developers building secure, containerized applications destined for production environments.

This is far from a theoretical exposition; it's an immersive journey into real-world scenarios. You will engage in challenging labs and projects that precisely replicate the security practices adopted by leading engineering teams to safeguard their software pipelines in live production settings. Regardless of whether you're rolling out a sophisticated machine learning model, a critical microservice, or a scalable SaaS product, this comprehensive program will equip you to achieve deployments that are inherently secure, highly scalable, and fully compliant with modern industry standards.

Curriculum

Introduction to DevSecOps & Foundation Setup

This section introduces the foundational concepts of DevSecOps, explaining its principles and how security is woven into every stage of the software development lifecycle. You will learn to set up a robust DevSecOps learning environment on Google Cloud Platform (GCP), provision a Kubernetes (GKE) cluster, and configure essential DevOps tools, preparing your workspace for advanced security integrations.

Building Secure CI/CD with Jenkins & Kubernetes

Dive into constructing a secure Continuous Integration/Continuous Delivery (CI/CD) pipeline. This section focuses on leveraging Jenkins for orchestration, Helm for Kubernetes package management, and Docker for containerization, ensuring your pipeline components are secure by default and integrated seamlessly with Kubernetes.

Software Supply Chain Security: SCA, SAST & DAST

Address software supply chain vulnerabilities head-on. You will implement Software Composition Analysis (SCA) using tools like OWASP Dependency-Check, Pyraider, and Dependency-Track to identify and manage open-source risks. Further, you'll integrate Static Application Security Testing (SAST) with slscan into your CI/CD and perform Dynamic Application Security Testing (DAST) using OWASP ZAP to uncover runtime application flaws.

Container Image Hardening & Security Best Practices

Learn critical techniques for securing your container images. This section covers image vulnerability scanning with Trivy, Dockerfile linting with Dockle, and the implementation of multi-stage Dockerfiles to significantly reduce the attack surface and build lightweight, secure container images.

Secrets Management & Compliance-as-Code

Master the secure handling of sensitive data. You will configure HashiCorp Vault for robust secrets management and learn secure secrets injection into Kubernetes workloads using RBAC. Additionally, this module explores compliance-as-code principles, using InSpec for auditing and Ansible for automated infrastructure hardening and policy enforcement.

Kubernetes Workload & Runtime Security

Fortify your Kubernetes deployments with advanced security configurations. This section details implementing security contexts, Pod Security Standards (or best practices), and resource limits. Crucially, you will deploy and configure Falco for real-time runtime security monitoring and threat detection within your Kubernetes clusters.

Secure GitOps for Deployment & Remediation

Adopt declarative security through GitOps. This module guides you through building secure deployment workflows using ArgoCD for Kubernetes, ensuring infrastructure and application states are managed from a trusted Git repository. You'll also learn to automate anomaly detection responses and remediation actions using Falco integrated with Argo Workflows.

Advanced DevSecOps Integration & Real-World Projects

Consolidate your knowledge by designing and implementing an end-to-end secure DevSecOps pipeline for real-world applications. This final section includes understanding and generating Software Bill of Materials (SBOMs) and focuses on architectural best practices for continuous security monitoring, ensuring your deployments are secure, scalable, and compliant from code to production. You'll work on projects simulating modern engineering challenges to apply all learned tools and methodologies.

Deal Source: real.discount