Advanced Devsecops: Real-World Security For Devops Engineers
Published 3/2025
MP4 | Video: h264, 1920×1080 | Audio: AAC, 44.1 KHz
Master security in DevOps with hands-on projects, secure pipelines, real-world attack scenarios, and compliance practice
What you’ll learn
Secure the DevOps lifecycle: Integrate security into planning, coding, building, testing, deployment, and monitoring.
Build a Secure CI/CD Pipeline: Automate security scanning for code, dependencies, and infrastructure.
Identify vulnerabilities using tools like Snyk, Trivy, Kyverno, Cosign etc
Kubernetes & Container Security: Secure Kubernetes clusters, apply RBAC, Check for runtime security, and scan images with Trivy etc.
Secrets & Credential Management: Safeguard sensitive data with Kubernetes Secrets and learn best practices to manage them.
Security Compliance & Policy as Code: Automate security governance using tools like Kyverno on Kubernetes.
Final Capstone Project: Apply everything learned to secure a cloud-native microservices application, ensuring end-to-end security from code to deployment.
Requirements
Basic DevOps Knowledge – Familiarity with DevOps workflows and CI/CD pipelines.
Experience with Linux & Containers – Ability to work in the terminal and use Docker/Kubernetes.
General Cloud Knowledge – Understanding of AWS, Azure, or GCP is helpful but not mandatory.
No Prior Security Experience Required – This course covers security fundamentals before diving into advanced topics.
A Laptop/PC with Docker & Cloud Account – Labs are hands-on, so having a free-tier cloud account (AWS/Azure/GCP) is recommended.
Description
Overview
Section 1: Introduction
Lecture 1 Introduction
Section 2: Introduction to DevSecOps
Lecture 2 01. Introduction to CI/CD
Lecture 3 02. Security Scope
Section 3: Source Code Security
Lecture 4 03. Source Code Security and Analysis
Lecture 5 04. Setting up and Configuring Sonarqube with Docker
Lecture 6 05. Installing Sonarqube on Kubernetes
Lecture 7 06. Scanning your Projects using Sonarqube
Section 4: CVEs and Dependency Security
Lecture 8 07. Common Vulnaribilities and exposures
Lecture 9 08. Managing Application Dependencies
Lecture 10 09. Configuring jenkins to run the Dependency Audit
Lecture 11 10. Continuous Security Audits with Jenkins
Section 6: Container Security
Lecture 12 11. Introduction to Container Security
Lecture 13 12. Managing Container Permissions
Lecture 14 13. Picking the most secure Base Image
Lecture 15 14. Using Trivy to Scan Container Images
Section 7: Trivy – Deep Dive
Lecture 16 15. Deep Dive into Trivy
Section 8: Shifting Security to Left with Jenkins Pipelines
Lecture 17 16. Integrating Trivy with Jenkins
Lecture 18 17. DevSecOps with Jenkins
Lecture 19 18. Steps in the Jenkins Pipeline
Lecture 20 19. Configuring and Running the Jenkins DevSecOps Pipeline
Section 9: Supply Chain Security
Lecture 21 20. Supply Chain Security
Lecture 22 21. Using Digital Signature to verify the sender
Lecture 23 22. Signing the Container Images with Cosign
Lecture 24 23. Verifying the Image Signatures at receiver end
Section 10: Implementing Security with Policies
Lecture 25 24. Protecting Kubernetes Clusters with Policies
Lecture 26 25. Deep dive into Kyverno
Section 11: The Final Project on DevSecOps
Lecture 27 26. The DevSecOps Project
Lecture 28 27. DevSecOps Project Daily Plans
DevOps Engineers & SREs – Secure DevOps workflows and automate security in CI/CD.,Security Engineers – Understand DevSecOps and implement security controls in cloud-native environments.,Cloud & Kubernetes Engineers – Learn security best practices for containers, Kubernetes clusters, and cloud applications.,Software Developers – Build security into the SDLC and write secure code with automated security testing.,QA & Test Engineers – Learn how to integrate security testing in CI/CD pipelines.,IT Professionals & Architects – Implement DevSecOps strategies at scale.,Anyone looking to break into DevSecOps – This course provides real-world, job-ready security skills for cloud and DevOps professionals.
