Peter Mosmans

Automated security testing can be daunting to start with. This course will teach you which tools you can easily implement into your existing CI/CD pipelines and what results can be expected with each tool.

You want to start implementing automated security tests into your existing CI/CD pipelines. In this course, DevSecOps: Adding Security Testing Tools to Pipelines, you’ll learn to select the right tool for the right job. First, you’ll explore several tools that can detect secrets. Next, you’ll discover how to add static and dynamic application security testing tools to pipelines. Finally, you’ll learn how to perform software composition analysis. When you’re finished with this course, you’ll have the skills and knowledge of automated security testing needed to properly implement automated security testing into pipelines: from automatically detecting secrets in your source code all the way to running scans against a running application.

What's inside

Syllabus

Course Overview
Initializing the Setup for Automated Security Testing
Detecting Secrets in Code
Performing Dockerfile Linting using Hadolint

Traffic lights

Read about what's good, what should give you pause, and possible dealbreakers.
Teaches skills and knowledge required to implement security testing tools into CI/CD pipelines to automate security testing
Taught by experienced instructors who work in the field, offering practical insights
Covers a range of tools for different security testing purposes
Develops skills for selecting the right security testing tool for specific tasks
Provides step-by-step guidance on implementing security testing tools into pipelines
Builds a foundation for understanding and implementing automated security testing

Reviews summary

Practical DevSecOps tool integration

According to learners, this course is a highly practical and well-structured guide for integrating security testing tools into CI/CD pipelines. Students frequently highlight the hands-on labs and clear explanations as key strengths, enabling them to apply concepts directly to their work. While it offers a comprehensive overview of various tools like SonarQube, ZAP, and Trivy, some suggest that certain topics provide more breadth than depth, requiring additional self-study for advanced use cases. It is generally considered a solid introduction for those with some CI/CD familiarity.
Benefits learners with prior CI/CD or security knowledge.
"I already had some CI/CD experience, which I think helped a lot. For someone completely new to pipelines or security, it might be a bit fast-paced."
"The prerequisites aren't always clear, and I struggled a bit without strong prior knowledge of CI/CD."
"It's a good starting point if you're a complete beginner, but intermediate users might find it superficial."
Instructor provides concise and easy-to-understand explanations.
"The instructor clearly explains the 'why' behind each tool, not just the 'how'."
"The instructor's explanations are clear and concise, making complex topics easy to grasp."
"The content is up-to-date and the instructions are very clear."
Introduces a wide range of essential security testing tools.
"It covers a good range, from secrets detection to SAST/DAST. I found the sections on Trivy and Dependency-Check particularly useful."
"Covers a wide array of tools and concepts for DevSecOps. The course provides a solid foundation..."
"I learned a lot about securing Dockerfiles with Hadolint and integrating SCA with Dependency-Check."
"While it covers many tools, ...It serves as a good catalog of tools, but not necessarily a deep dive..."
Focuses on direct implementation and hands-on learning.
"This course is incredibly practical and directly applicable to my work. The hands-on labs were instrumental..."
"Excellent course! ...I especially liked the practical examples of Hadolint and njsscan."
"Fantastic hands-on course! The practical labs are what make this course shine."
"Very practical and well-explained. The course helped me understand how to automate various security tests."
Offers broad coverage but may lack deep dives into advanced topics.
"My only minor critique is that some topics felt a bit rushed, and I would have liked deeper dives into advanced configurations for certain tools."
"I felt it lacked depth in some areas. For instance, the section on OWASP ZAP felt a bit too basic for real-world scenarios..."
"Overall, it's a valuable resource, but be prepared to do some additional research for advanced topics."
"It serves as a good catalog of tools, but not necessarily a deep dive into implementation nuances."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in DevSecOps: Adding Security Testing Tools to Pipelines with these activities:
Review OWASP Dependency-Check
Review the basics of OWASP Dependency-Check to refresh your knowledge and prepare for this course on automated security testing.
  • Read OWASP Dependency-Check documentation.
  • Review OWASP Dependency-Check examples.
Review Dockerfile Linting Basics
Brush up on the fundamentals of Dockerfile linting to ensure adherence to security best practices.
  • Review Dockerfile linting rules
  • Install and configure Hadolint
  • Lint Dockerfiles for security issues
Attend Security Testing Meetups
Engage with industry experts and fellow learners at security testing meetups to expand your network and knowledge.
  • Identify local security testing meetups
  • Attend meetups regularly
  • Network with attendees and speakers
Automate Security Testing with Trivy
Become familiar with Trivy's capabilities and integrate it into your pipeline for automated vulnerability scanning.
  • Set up Trivy scanner
  • Scan and analyze container image
  • Understand vulnerability findings
Master Static Application Security Testing
Enhance your understanding of SAST and utilize SonarQube for in-depth code analysis and vulnerability detection.
  • Install and set up SonarQube
  • Integrate SonarQube into pipeline
  • Analyze and review scan results
  • Remediate security vulnerabilities
Continuous Software Composition Analysis
Develop proficiency in SCA by performing regular analysis to identify and mitigate vulnerabilities in third-party components.
  • Configure and integrate SCA tool
  • Analyze application dependencies
  • Identify and prioritize vulnerabilities
  • Remediate or mitigate vulnerabilities
Develop a Comprehensive Security Testing Plan
Create a detailed plan outlining your automated security testing strategy, ensuring a systematic and effective approach.
  • Define security testing objectives
  • Identify tools and technologies
  • Establish testing procedures
  • Integrate testing into CI/CD pipeline
  • Track and monitor results
Contribute to Open Source Security Projects
Participate in open source security projects to gain practical experience, enhance your skills, and contribute to the community.
  • Identify open source security projects
  • Review project documentation
  • Contribute code or documentation
  • Engage with project maintainers

Career center

Learners who complete DevSecOps: Adding Security Testing Tools to Pipelines will develop knowledge and skills that may be useful to these careers:
Security Engineer
Security Engineers are responsible for organizing and implementing all security-related measures within an organization. This includes creating security policies, overseeing network security, and managing security intelligence. This course may be useful for Security Engineers wishing to implement automated security testing into their existing CI/CD pipelines.
Software Developer
Software Developers are responsible for designing, implementing, and maintaining software applications. This often includes writing code, testing software, and debugging software. This course may be useful for Software Developers wishing to gain experience using security testing tools in pipelines.
DevOps Engineer
DevOps Engineers are responsible for bridging the gap between development and operations teams. This often includes automating software deployment, managing infrastructure, and monitoring performance. This course may be useful for DevOps Engineers wishing to implement automated security testing into their pipelines.
IT Security Analyst
IT Security Analysts are responsible for monitoring and maintaining the security of an organization's IT systems. This often includes identifying security vulnerabilities, assessing risks, and recommending solutions. This course may be useful for IT Security Analysts wishing to gain experience using security testing tools in pipelines.
Security Architect
Security Architects are responsible for designing and implementing security solutions for an organization. This often includes developing security strategies, creating security architectures, and managing security risks. This course may be useful for Security Architects wishing to gain experience using security testing tools in pipelines.
Data Scientist
Data Scientists are responsible for collecting, analyzing, and interpreting data to solve business problems. This often includes using machine learning, statistics, and data mining techniques. This course may be useful for Data Scientists wishing to learn how to integrate security testing into machine learning pipelines.
Information Security Manager
Information Security Managers are responsible for managing the overall security of an organization's information assets. This often includes developing security policies, overseeing security operations, and managing security budgets. This course may be useful for Information Security Managers wishing to implement automated security testing into their pipelines.
Security Consultant
Security Consultants are responsible for providing security advice and guidance to organizations. This often includes assessing security risks, recommending solutions, and implementing security measures. This course may be useful for Security Consultants wishing to learn how to integrate security testing into their consulting practice.
Cloud Security Engineer
Cloud Security Engineers are responsible for securing cloud computing environments. This often includes designing and implementing security controls, managing cloud security risks, and monitoring cloud security events. This course may be useful for Cloud Security Engineers wishing to implement automated security testing into their pipelines.
Security Researcher
Security Researchers are responsible for discovering and analyzing security vulnerabilities. This often includes developing new security tools and techniques, and publishing research papers. This course may be useful for Security Researchers wishing to learn how to integrate security testing into their research projects.
Technical Security Analyst
Technical Security Analysts are responsible for investigating and responding to security incidents. This often includes collecting evidence, analyzing data, and recommending solutions. This course may be useful for Technical Security Analysts wishing to learn how to integrate security testing into their incident response process.
Software Test Engineer
Software Test Engineers are responsible for testing software applications to ensure that they meet requirements. This often includes writing test cases, executing tests, and reporting defects. This course may be useful for Software Test Engineers wishing to learn how to integrate automated security testing into their testing process.
Systems Administrator
Systems Administrators are responsible for managing and maintaining computer systems. This often includes installing software, configuring hardware, and troubleshooting problems. This course may be useful for Systems Administrators wishing to learn how to integrate automated security testing into their systems management process.
Network Security Engineer
Network Security Engineers are responsible for designing and implementing network security solutions. This often includes configuring firewalls, routers, and intrusion detection systems. This course may be useful for Network Security Engineers wishing to learn how to integrate automated security testing into their network security solutions.
Security Operations Manager
Security Operations Managers are responsible for managing the day-to-day security operations of an organization. This often includes monitoring security events, responding to security incidents, and reporting on security metrics. This course may be useful for Security Operations Managers wishing to implement automated security testing into their security operations process.

Reading list

We've selected ten books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in DevSecOps: Adding Security Testing Tools to Pipelines.
Provides a comprehensive overview of the Kubernetes platform, and is a valuable resource for both students and practitioners in the field.
Provides a comprehensive overview of the principles and practices of security engineering, and includes detailed coverage of the latest techniques and technologies. It is a valuable resource for both students and practitioners in the field.
This comprehensive guide provides a deep dive into software security principles and best practices. It covers topics such as secure design, threat modeling, and code analysis, which will enhance the understanding of the security testing tools and techniques covered in the course.
Provides a comprehensive overview of the principles and practices of site reliability engineering, and is a valuable resource for both students and practitioners in the field.
Provides a comprehensive overview of the Docker platform, and is a valuable resource for both students and practitioners in the field.
This classic book provides a comprehensive overview of network security principles and best practices. It will provide a valuable foundation for understanding the security threats that automated security testing tools help to mitigate.
Provides a comprehensive overview of the principles and practices of network security, and includes detailed coverage of the latest applications and standards. It is a valuable resource for both students and practitioners in the field.
Provides a fictionalized account of the principles and practices of DevOps, and is a valuable resource for both students and practitioners in the field.
Will provide a solid foundation in threat modeling, which is a crucial aspect of secure software development. It will enhance the understanding of the security considerations that drive the implementation of automated security testing in pipelines.
Delves into the security aspects of Docker, including best practices for building secure images, detecting vulnerabilities, and hardening containers. It will complement the course's coverage of Dockerfile linting and image scanning.

© 2016 - 2025 OpenCourser