Peter Mosmans

Automated security testing can be daunting to start with. This course will teach you which tools you can easily implement into your existing CI/CD pipelines and what results can be expected with each tool.

You want to start implementing automated security tests into your existing CI/CD pipelines. In this course, DevSecOps: Adding Security Testing Tools to Pipelines, you’ll learn to select the right tool for the right job. First, you’ll explore several tools that can detect secrets. Next, you’ll discover how to add static and dynamic application security testing tools to pipelines. Finally, you’ll learn how to perform software composition analysis. When you’re finished with this course, you’ll have the skills and knowledge of automated security testing needed to properly implement automated security testing into pipelines: from automatically detecting secrets in your source code all the way to running scans against a running application.

What's inside

Syllabus

Course Overview
Initializing the Setup for Automated Security Testing
Detecting Secrets in Code
Performing Dockerfile Linting using Hadolint
Performing Static Application Security Testing Using njsscan
Performing Static Application Security Testing Using SonarQube
Performing Software Composition Analysis Using OWASP Dependency-Check
Detecting Vulnerabilities in Third-party Libraries Using Software Bill of Materials and OWASP Dependency-Track
Detecting Vulnerabilities in Images Using Trivy
Performing Dynamic Application Security Testing Using OWASP ZAP
Performing Dynamic Application Security Testing Using Nikto
Performing Full Automated Security Testing in a Pipeline

Good to know

Know what's good, what to watch for, and possible dealbreakers
Teaches skills and knowledge required to implement security testing tools into CI/CD pipelines to automate security testing
Taught by experienced instructors who work in the field, offering practical insights
Covers a range of tools for different security testing purposes
Develops skills for selecting the right security testing tool for specific tasks
Provides step-by-step guidance on implementing security testing tools into pipelines
Builds a foundation for understanding and implementing automated security testing

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in DevSecOps: Adding Security Testing Tools to Pipelines with these activities:
Review OWASP Dependency-Check
Review the basics of OWASP Dependency-Check to refresh your knowledge and prepare for this course on automated security testing.
  • Read OWASP Dependency-Check documentation.
  • Review OWASP Dependency-Check examples.
Review Dockerfile Linting Basics
Brush up on the fundamentals of Dockerfile linting to ensure adherence to security best practices.
  • Review Dockerfile linting rules
  • Install and configure Hadolint
  • Lint Dockerfiles for security issues
Attend Security Testing Meetups
Engage with industry experts and fellow learners at security testing meetups to expand your network and knowledge.
  • Identify local security testing meetups
  • Attend meetups regularly
  • Network with attendees and speakers
Automate Security Testing with Trivy
Become familiar with Trivy's capabilities and integrate it into your pipeline for automated vulnerability scanning.
  • Set up Trivy scanner
  • Scan and analyze container image
  • Understand vulnerability findings
Master Static Application Security Testing
Enhance your understanding of SAST and utilize SonarQube for in-depth code analysis and vulnerability detection.
  • Install and set up SonarQube
  • Integrate SonarQube into pipeline
  • Analyze and review scan results
  • Remediate security vulnerabilities
Continuous Software Composition Analysis
Develop proficiency in SCA by performing regular analysis to identify and mitigate vulnerabilities in third-party components.
  • Configure and integrate SCA tool
  • Analyze application dependencies
  • Identify and prioritize vulnerabilities
  • Remediate or mitigate vulnerabilities
Develop a Comprehensive Security Testing Plan
Create a detailed plan outlining your automated security testing strategy, ensuring a systematic and effective approach.
  • Define security testing objectives
  • Identify tools and technologies
  • Establish testing procedures
  • Integrate testing into CI/CD pipeline
  • Track and monitor results
Contribute to Open Source Security Projects
Participate in open source security projects to gain practical experience, enhance your skills, and contribute to the community.
  • Identify open source security projects
  • Review project documentation
  • Contribute code or documentation
  • Engage with project maintainers

Career center

Learners who complete DevSecOps: Adding Security Testing Tools to Pipelines will develop knowledge and skills that may be useful to these careers:
Data Scientist
Data Scientists are responsible for collecting, analyzing, and interpreting data to solve business problems. This often includes using machine learning, statistics, and data mining techniques. This course may be useful for Data Scientists wishing to learn how to integrate security testing into machine learning pipelines.
DevOps Engineer
DevOps Engineers are responsible for bridging the gap between development and operations teams. This often includes automating software deployment, managing infrastructure, and monitoring performance. This course may be useful for DevOps Engineers wishing to implement automated security testing into their pipelines.
Security Engineer
Security Engineers are responsible for organizing and implementing all security-related measures within an organization. This includes creating security policies, overseeing network security, and managing security intelligence. This course may be useful for Security Engineers wishing to implement automated security testing into their existing CI/CD pipelines.
Systems Administrator
Systems Administrators are responsible for managing and maintaining computer systems. This often includes installing software, configuring hardware, and troubleshooting problems. This course may be useful for Systems Administrators wishing to learn how to integrate automated security testing into their systems management process.
Software Developer
Software Developers are responsible for designing, implementing, and maintaining software applications. This often includes writing code, testing software, and debugging software. This course may be useful for Software Developers wishing to gain experience using security testing tools in pipelines.
Network Security Engineer
Network Security Engineers are responsible for designing and implementing network security solutions. This often includes configuring firewalls, routers, and intrusion detection systems. This course may be useful for Network Security Engineers wishing to learn how to integrate automated security testing into their network security solutions.
Security Consultant
Security Consultants are responsible for providing security advice and guidance to organizations. This often includes assessing security risks, recommending solutions, and implementing security measures. This course may be useful for Security Consultants wishing to learn how to integrate security testing into their consulting practice.
IT Security Analyst
IT Security Analysts are responsible for monitoring and maintaining the security of an organization's IT systems. This often includes identifying security vulnerabilities, assessing risks, and recommending solutions. This course may be useful for IT Security Analysts wishing to gain experience using security testing tools in pipelines.
Cloud Security Engineer
Cloud Security Engineers are responsible for securing cloud computing environments. This often includes designing and implementing security controls, managing cloud security risks, and monitoring cloud security events. This course may be useful for Cloud Security Engineers wishing to implement automated security testing into their pipelines.
Software Test Engineer
Software Test Engineers are responsible for testing software applications to ensure that they meet requirements. This often includes writing test cases, executing tests, and reporting defects. This course may be useful for Software Test Engineers wishing to learn how to integrate automated security testing into their testing process.
Information Security Manager
Information Security Managers are responsible for managing the overall security of an organization's information assets. This often includes developing security policies, overseeing security operations, and managing security budgets. This course may be useful for Information Security Managers wishing to implement automated security testing into their pipelines.
Security Architect
Security Architects are responsible for designing and implementing security solutions for an organization. This often includes developing security strategies, creating security architectures, and managing security risks. This course may be useful for Security Architects wishing to gain experience using security testing tools in pipelines.
Security Researcher
Security Researchers are responsible for discovering and analyzing security vulnerabilities. This often includes developing new security tools and techniques, and publishing research papers. This course may be useful for Security Researchers wishing to learn how to integrate security testing into their research projects.
Security Operations Manager
Security Operations Managers are responsible for managing the day-to-day security operations of an organization. This often includes monitoring security events, responding to security incidents, and reporting on security metrics. This course may be useful for Security Operations Managers wishing to implement automated security testing into their security operations process.
Technical Security Analyst
Technical Security Analysts are responsible for investigating and responding to security incidents. This often includes collecting evidence, analyzing data, and recommending solutions. This course may be useful for Technical Security Analysts wishing to learn how to integrate security testing into their incident response process.

Reading list

We've selected ten books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in DevSecOps: Adding Security Testing Tools to Pipelines.
Provides a comprehensive overview of the Kubernetes platform and is a valuable resource for both students and practitioners in the field.
Provides a comprehensive overview of the principles and practices of security engineering, and includes detailed coverage of the latest techniques and technologies. It is a valuable resource for both students and practitioners in the field.
This comprehensive guide provides a deep dive into software security principles and best practices. It covers topics such as secure design, threat modeling, and code analysis, which will enhance the understanding of the security testing tools and techniques covered in the course.
Provides a comprehensive overview of the principles and practices of site reliability engineering and is a valuable resource for both students and practitioners in the field.
Provides a comprehensive overview of the Docker platform and is a valuable resource for both students and practitioners in the field.
This classic book provides a comprehensive overview of network security principles and best practices. It will provide a valuable foundation for understanding the security threats that automated security testing tools help to mitigate.
Provides a comprehensive overview of the principles and practices of network security, and includes detailed coverage of the latest applications and standards. It is a valuable resource for both students and practitioners in the field.
Provides a fictionalized account of the principles and practices of DevOps and is a valuable resource for both students and practitioners in the field.
Will provide a solid foundation in threat modeling, which is a crucial aspect of secure software development. It will enhance the understanding of the security considerations that drive the implementation of automated security testing in pipelines.
Delves into the security aspects of Docker, including best practices for building secure images, detecting vulnerabilities, and hardening containers. It will complement the course's coverage of Dockerfile linting and image scanning.

Similar courses

Here are nine courses similar to DevSecOps: Adding Security Testing Tools to Pipelines.
Microsoft Azure DevOps Engineer: Implement a Secure and...
Most relevant
DevSecOps: Automated Security Testing Fundamentals
Most relevant
DevOps with GitHub and Azure: Implementing CI/CD with...
Most relevant
Learn Azure DevOps CI/CD pipelines
Most relevant
Learn CI/CD YAML pipelines with Azure DevOps
Most relevant
Google Cloud CI/CD Pipelines (GCP DevOps Engineer Track...
Most relevant
Data Engineering on AWS - Foundations
Most relevant
Learn Github Actions for CI/CD DevOps Pipelines
Most relevant
Integrating HashiCorp Vault in DevOps Workflows
Most relevant

© 2016 - 2024 OpenCourser