DevSecOps Learning Path

Learn security practices, principles and tooling for software development processes.

8 hours, 10 minutes

Quick facts

About this learning path

  • courses

    100% online

  • Duration

    8 hours, 10 minutes

  • Assessment

    questions

About DevSecOps

This learning path teaches you how to design and build security into a continuous integration and continuous delivery (CI/CD) pipeline, leveraging processes and tools to automate your software delivery. As you progress through the seven courses, you will acquire core DevSecOps skills such as threat modeling, SCA, SAST, DAST and container security. At the end of the course, you will have the knowledge and skills to integrate security into DevOps platforms and run secure systems.

 

Syllabus

DevSecOps Skill Assessment

Assessment - 41 questions

DevSecOps overview

Course - 00:51:00

An introductory overview of DevSecOps building blocks, walking through concepts, definitions, security models, software development life cycle (SDLC), methodology, principles and practices around DevSecOps. You'll understand how to start incorporating security earlier in application delivery, as well as best practices for incorporating security into DevOps.

Source control management

Course - 00:39:00

A deep dive into source/version control management systems and how to secure on-premises and private repositories. The course looks at Git and GitHub as examples of repositories, software onboarding using repositories, repositories for continuous integration of software and the benefits of version control. It also includes practical demonstrations of some basic Git commands, Git hooks and secret detection in repositories.

Secure CI/CD pipeline

Course - 00:43:00

Exploring the CI/CD pipeline and more. An explanation of the continuous integration, continuous delivery and continuous deployment (CI/CD) pipeline and all of its distinct stages. This course also discusses how to integrate security into a CI/CD pipeline and enforce security gates as part of an application security testing strategy. We wrap the course up by highlighting every stage of the CI/CD pipeline, using Jenkins.

SCA in CI/CD pipeline

Course - 00:47:00

Neglecting to track and manage all of the open-source components in an application is a mistake that could lead to disastrous results. This course focuses on software composition analysis and how to implement OWASP Dependency-Check, an open-source software composition analysis tool, in the CI/CD pipeline.

SAST in CI/CD pipeline

Course - 00:54:00

According to Gartner, SAST should be a mandatory requirement for all applications. In this course, you will learn how to inspect and analyze source code vulnerabilities with SAST tools and how to implement SAST in the SDLC and CI/CD pipeline, with a practical demonstration of using SonarQube for static application security testing. Every application works with secrets and sensitive data that can only be accessed by a limited number of users, applications or processes.

DAST in CI/CD pipeline

Course - 00:49:00

The growing number of vulnerabilities discovered in production code means more work needs to be done to find vulnerabilities during application development and dynamic application security testing (DAST). This course teaches you how to find vulnerabilities in applications using DAST tools, how to implement DAST in the pipeline and the main differences between DAST and SAST.

Container security

Course - 00:50:00

Containers and Kubernetes are fast becoming popular because they solve the problem of how to get software to run reliably when moved from one computing environment to another. This course explains container images and registries, Docker, Kubernetes and container observability.

DevSecOps project

Course - 02:27:00

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst
