{"id":275,"date":"2024-10-29T03:32:34","date_gmt":"2024-10-29T03:32:34","guid":{"rendered":"https:\/\/emagetech.io\/en\/?page_id=275"},"modified":"2025-03-15T14:20:48","modified_gmt":"2025-03-15T14:20:48","slug":"devsecops","status":"publish","type":"page","link":"https:\/\/emagetech.io\/en\/devsecops\/","title":{"rendered":"DevSecOps"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column width=&#8221;2\/3&#8243;][vc_empty_space height=&#8221;25px&#8221;][vc_column_text css=&#8221;&#8221;]DevSecOps, which is short for development, security and operations, is an application development practice that automates the integration of security and security practices at every phase of the software development lifecycle, from initial design through integration, testing, delivery and deployment.[\/vc_column_text][vc_row_inner css=&#8221;.vc_custom_1536153128553{padding-top: 80px !important;padding-bottom: 80px !important;}&#8221;][vc_column_inner offset=&#8221;vc_col-lg-8&#8243;][vc_toggle title=&#8221;Fundamentals&#8221; css_animation=&#8221;none&#8221; css=&#8221;&#8221; el_id=&#8221;1486465455111-0cc2408f-96b7&#8243;]<\/p>\n<div class=\"elementor-accordion-item\">\n<div id=\"elementor-tab-content-7681\" class=\"elementor-tab-content elementor-clearfix elementor-active\" role=\"region\" data-tab=\"1\" aria-labelledby=\"elementor-tab-title-7681\">\n<ul>\n<li data-sourcepos=\"4:1-7:24\"><strong>DevSecOps Principles:<\/strong>\n<ul data-sourcepos=\"5:4-7:24\">\n<li data-sourcepos=\"5:4-5:30\">Introduction to DevSecOps<\/li>\n<li data-sourcepos=\"6:4-6:34\">Core principles and practices<\/li>\n<li data-sourcepos=\"7:4-7:24\">Shift-Left security<\/li>\n<\/ul>\n<\/li>\n<li data-sourcepos=\"8:1-12:0\"><strong>Version Control with Git:<\/strong>\n<ul data-sourcepos=\"9:4-12:0\">\n<li data-sourcepos=\"9:4-9:23\">Basic Git commands<\/li>\n<li data-sourcepos=\"10:4-10:37\">Branching and merging strategies<\/li>\n<li data-sourcepos=\"11:4-12:0\">Git workflows (GitFlow, Forking)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<p>[\/vc_toggle][vc_toggle title=&#8221;Infrastructure as Code (IaC)&#8221; css_animation=&#8221;none&#8221; css=&#8221;&#8221; el_id=&#8221;1489502905563-e29b0d23-e63e&#8221;]<\/p>\n<ul>\n<li data-sourcepos=\"14:1-16:27\"><strong>Introduction to IaC:<\/strong>\n<ul data-sourcepos=\"15:4-16:27\">\n<li data-sourcepos=\"15:4-15:20\">Benefits of IaC<\/li>\n<li data-sourcepos=\"16:4-16:27\">Best practices for IaC<\/li>\n<\/ul>\n<\/li>\n<li data-sourcepos=\"17:1-20:18\"><strong>Ansible:<\/strong>\n<ul data-sourcepos=\"18:4-20:18\">\n<li data-sourcepos=\"18:4-18:42\">Configuration management with Ansible<\/li>\n<li data-sourcepos=\"19:4-19:26\">Playbooks and modules<\/li>\n<li data-sourcepos=\"20:4-20:18\">Ansible roles<\/li>\n<\/ul>\n<\/li>\n<li data-sourcepos=\"21:1-25:0\"><strong>Terraform:<\/strong>\n<ul data-sourcepos=\"22:4-25:0\">\n<li data-sourcepos=\"22:4-22:47\">Infrastructure provisioning with Terraform<\/li>\n<li data-sourcepos=\"23:4-23:22\">Terraform modules<\/li>\n<li data-sourcepos=\"24:4-25:0\">State files and remote state<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>[\/vc_toggle][vc_toggle title=&#8221;CI\/CD Pipelines&#8221; css_animation=&#8221;none&#8221; css=&#8221;&#8221; el_id=&#8221;1489502905062-f32a7618-e6e0&#8243;]<\/p>\n<ul>\n<li data-sourcepos=\"27:1-30:36\"><strong>CI\/CD Tools:<\/strong>\n<ul data-sourcepos=\"28:4-30:36\">\n<li data-sourcepos=\"28:4-28:17\">GitLab CI\/CD<\/li>\n<li data-sourcepos=\"29:4-29:29\">Jenkins (brief overview)<\/li>\n<li data-sourcepos=\"30:4-30:36\">GitHub Actions (brief overview)<\/li>\n<\/ul>\n<\/li>\n<li data-sourcepos=\"31:1-34:25\"><strong>Pipeline Design and Implementation:<\/strong>\n<ul data-sourcepos=\"32:4-34:25\">\n<li data-sourcepos=\"32:4-32:29\">Creating CI\/CD pipelines<\/li>\n<li data-sourcepos=\"33:4-33:29\">Pipeline stages and jobs<\/li>\n<li data-sourcepos=\"34:4-34:25\">Triggering pipelines<\/li>\n<\/ul>\n<\/li>\n<li data-sourcepos=\"35:1-40:0\"><strong>Security in CI\/CD:<\/strong>\n<ul data-sourcepos=\"36:4-40:0\">\n<li data-sourcepos=\"36:4-36:28\">Secure coding practices<\/li>\n<li data-sourcepos=\"37:4-37:62\">Static Application Security Testing (SAST) with SonarQube<\/li>\n<li data-sourcepos=\"38:4-38:51\">Software Composition Analysis (SCA) with Trivy<\/li>\n<li data-sourcepos=\"39:4-40:0\">Secret management<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>[\/vc_toggle][vc_toggle title=&#8221;Containerization and Orchestration&#8221; css_animation=&#8221;none&#8221; css=&#8221;&#8221;]<\/p>\n<ul>\n<li data-sourcepos=\"42:1-45:30\"><strong>Docker:<\/strong>\n<ul data-sourcepos=\"43:4-45:30\">\n<li data-sourcepos=\"43:4-43:18\">Docker basics<\/li>\n<li data-sourcepos=\"44:4-44:33\">Docker images and containers<\/li>\n<li data-sourcepos=\"45:4-45:30\">Dockerfile best practices<\/li>\n<\/ul>\n<\/li>\n<li data-sourcepos=\"46:1-49:66\"><strong>Kubernetes:<\/strong>\n<ul data-sourcepos=\"47:4-49:66\">\n<li data-sourcepos=\"47:4-47:28\">Kubernetes architecture<\/li>\n<li data-sourcepos=\"48:4-48:41\">Deploying applications on Kubernetes<\/li>\n<li data-sourcepos=\"49:4-49:66\">Kubernetes security best practices (CIS Kubernetes Benchmark)<\/li>\n<\/ul>\n<\/li>\n<li data-sourcepos=\"50:1-54:0\"><strong>Container Security:<\/strong>\n<ul data-sourcepos=\"51:4-54:0\">\n<li data-sourcepos=\"51:4-51:30\">Image scanning with Trivy<\/li>\n<li data-sourcepos=\"52:4-52:21\">Network policies<\/li>\n<li data-sourcepos=\"53:4-54:0\">Secrets management<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>[\/vc_toggle][vc_toggle title=&#8221;Observability and Monitoring&#8221; css_animation=&#8221;none&#8221; css=&#8221;&#8221;]<\/p>\n<ul>\n<li data-sourcepos=\"56:1-58:33\"><strong>Logging:<\/strong>\n<ul data-sourcepos=\"57:4-58:33\">\n<li data-sourcepos=\"57:4-57:60\">Centralized logging with tools like ELK Stack or Splunk<\/li>\n<li data-sourcepos=\"58:4-58:33\">Log aggregation and analysis<\/li>\n<\/ul>\n<\/li>\n<li data-sourcepos=\"59:1-61:45\"><strong>Monitoring:<\/strong>\n<ul data-sourcepos=\"60:4-61:45\">\n<li data-sourcepos=\"60:4-60:69\">Infrastructure monitoring with tools like Prometheus and Grafana<\/li>\n<li data-sourcepos=\"61:4-61:45\">Application performance monitoring (APM)<\/li>\n<\/ul>\n<\/li>\n<li data-sourcepos=\"62:1-65:0\"><strong>Alerting:<\/strong>\n<ul data-sourcepos=\"63:4-65:0\">\n<li data-sourcepos=\"63:4-63:42\">Setting up alerts for critical events<\/li>\n<li data-sourcepos=\"64:4-65:0\">Alerting with tools like PagerDuty or OpsGenie<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>[\/vc_toggle][vc_toggle title=&#8221;Additional Topics&#8221; css_animation=&#8221;none&#8221; css=&#8221;&#8221;]<\/p>\n<ul>\n<li data-sourcepos=\"48:1-48:34\"><strong>Security Testing:<\/strong>\n<ul data-sourcepos=\"75:4-78:0\">\n<li data-sourcepos=\"75:4-75:63\">Dynamic Application Security Testing (DAST) with OWASP ZAP<\/li>\n<li data-sourcepos=\"76:4-76:24\">Penetration testing<\/li>\n<li data-sourcepos=\"77:4-78:0\">Security scanning tools<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>[\/vc_toggle][\/vc_column_inner][\/vc_row_inner][\/vc_column][vc_column width=&#8221;1\/3&#8243;][vc_empty_space height=&#8221;25px&#8221;]<header class=\"kd-section-title col-lg-12 text-left    \" ><h2 class=\"separator_off\" >Enroll<\/h2><\/header>[vc_column_text css=&#8221;&#8221;]<\/p>\n<h4>Cost &#8211; $3500<br \/>\nDuration &#8211; 3 months<\/h4>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;10px&#8221;][vc_btn title=&#8221;Deposit&#8221; color=&#8221;blue&#8221; css_animation=&#8221;none&#8221; css=&#8221;&#8221; link=&#8221;url:https%3A%2F%2Flink.waveapps.com%2Fztw6cz-43u8qt&#8221;][vc_empty_space height=&#8221;5px&#8221;][vc_btn title=&#8221;Full payment&#8221; color=&#8221;blue&#8221; css_animation=&#8221;none&#8221; css=&#8221;&#8221; link=&#8221;url:https%3A%2F%2Flink.waveapps.com%2F5rpe75-6q8xpt&#8221;][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_row][vc_column width=&#8221;2\/3&#8243;][vc_empty_space height=&#8221;25px&#8221;][vc_column_text css=&#8221;&#8221;]DevSecOps, which is short for development, security and operations, is an application development practice that automates the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":114,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-275","page","type-page","status-publish","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/emagetech.io\/en\/wp-json\/wp\/v2\/pages\/275","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/emagetech.io\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/emagetech.io\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/emagetech.io\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/emagetech.io\/en\/wp-json\/wp\/v2\/comments?post=275"}],"version-history":[{"count":9,"href":"https:\/\/emagetech.io\/en\/wp-json\/wp\/v2\/pages\/275\/revisions"}],"predecessor-version":[{"id":368,"href":"https:\/\/emagetech.io\/en\/wp-json\/wp\/v2\/pages\/275\/revisions\/368"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/emagetech.io\/en\/wp-json\/wp\/v2\/media\/114"}],"wp:attachment":[{"href":"https:\/\/emagetech.io\/en\/wp-json\/wp\/v2\/media?parent=275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}