DevSecOps Crash Course | Build a DevSecOps Pipeline with GitHub Actions – SAST Security Scan & Container Image Scanning
? 4-month DevSecOps Bootcamp: https://bit.ly/3RaK8KP
? 6-month DevOps Bootcamp: https://bit.ly/483Iott
#devsecops #githubactions #techworldwithnana
? Thanks Progress for supporting this video!
? Automate and Enforce Compliance with Chef: https://prgress.co/chef-compliance
DevSecOps is a set of practices, concepts and tools that combines software development (Dev), security (Sec), and IT operations (Ops) into a single, integrated process. The goal of DevSecOps is to incorporate security into every stage of the software development lifecycle, from design and development to testing and deployment, rather than treating security as a separate and isolated concern.
?????? L I N K S ???????
? OWASP vulnerable Python apphttps://owasp.org/www-project-pygoat
? Forked project: https://github.com/nanuchi/devsecops-crash-course-pygoat
? Docker Scout Links:
– Docker Scout: https://docs.docker.com/scout/
– Docker Scout CLI: https://docs.docker.com/engine/reference/commandline/scout/
– Docker Scout GitHub Action: https://github.com/docker/scout-action
?????? Course Pre-Requisites ??????
? DevOps, GitHub Actions, CI/CD Basics
? GitHub Actions Tutorial: https://youtu.be/R8_veQiYBjI
? What is DevSecOps in 8 minutes: https://youtu.be/nrhxNNH5lt0
?????? What you’ll learn in this DevSecOps crash course ? ??????
? Understanding why DevSecOps concept emerged
? What is DevSecOps
? How DevSecOps works in practice
? DevSecOps Concepts and tools
? Understand what SAST, SCA, DAST, Secret Scanning, Container Image Scanning is
? DevSecOps Concepts and tools
? DevSecOps Demo: Build DevSecOps Pipeline with GitHub Actions
? How to configure SAST Scan with Bandit
? How to configure Container Image Scanning with Docker Scout
? How to generate scan reports
? How to analyze scan reports
? Next Steps to continue your DevSecOps Learning
?????? T I M E S T A M P S ? ??????
00:00 – Intro and Course Overview
01:06 – Importance of Security
06:43 – Before DevSecOps: Security as Afterthought
07:36 – What is DevSecOps
09:40 – How DevSecOps works in Practice: DevSecOps Tools
15:51 – Shifting Security Left
19:19 – DevSecOps DEMO
19:26 – Demo Overview
21:05 – Workflow Templates
22:55 – Configure SAST Scan
31:25 – Analyze scan results
35:18 – Ignore Low Severity Issues
37:40 – Generate Scan Report
44:00 – Configure Image Scanning with Docker Scout
57:27 – Analyze scan results
01:04:12 – Reuse existing GitHub Action for Docker Scout
01:12:57 – Where to go from here
01:16:45 – Next Steps – Cloud and Kubernetes Security
?????? Connect with me ? ??????
INSTAGRAM ? https://bit.ly/2F3LXYJ
TWITTER ? https://bit.ly/3i54PUB
LINKEDIN ? https://bit.ly/3hWOLVT
Facebook group ? https://bit.ly/32UVSZP
