Explore best practices and tools that can help you implement security across the entirety of the continuous integration and continuous delivery (CI/CD) pipeline.
- [James] Do you want to continuously deliver software that's been tested for security vulnerabilities, is guaranteed to pass compliance audits, and is just overall more secure? If that sounds good to you, then this course is for you. Hi, I'm James Wickett, and I'm the Head of Research at Signal Sciences. I help software delivery teams defend web applications, microservices, and APIs in production from the real attacks they actually face. The possibility of providing more secure software at a way faster rate than ever really excites me.
In this course, we survey the continuous delivery pipeline through the lens of security and break it up into five key stages, Develop, Inherit, Build, Deploy, and Operate. In each of these stages, we'll look for practices and tools that can fit into a DevSecOps Toolchain approach and implement security across the entire breadth of the continuous delivery pipeline. Don't worry if you don't have much experience as a developer or you feel you aren't enough of a security expert. We'll show you what you need to know and give you the tools to get you started.
So, let's get started.
- Goals for a DevSecOps toolchain approach
- Development, inherit, build, deploy, and operation tools
- Keeping secrets with git-secrets
- Using OWASP Dependency Check
- Testing for dependency issues using Retire.js
- Options for software composition analysis
- Key security concerns for the deploy phase
- Tricks for making compliance happy
- Cloud configuration monitoring