
DevSecOps SAST(/w GitLab)

What is DevSecOps? Configure a CI build environment and an environment that automatically performs SAST checks during build

(5.0) 4 reviews

39 learners

  • gnsanrzld4049
Both theory and practice
devsecops
monitoring
sast
CI/CD
gitlab
SonarQube

What you will learn!

  • What is DevSecOps?

  • How to configure automatic SAST inspection in a CI/CD pipeline

I've heard a lot about DevSecOps, but what exactly is it?

You can set goals for what a DevSecOps environment is and what efforts you should put into building it!

Security teams want to leverage DevOps (CI/CD) environments, but aren't sure where to start!

  • A self-assessment and goal-setting method based on various DevSecOps criteria.

  • Example environment configuration using open source (GitLab, Jenkins, SonarQube, etc.) for configuring a DevSecOps environment

※ The DevSecOps SAST lecture is a continuation of the DevSecOps Basic ( Link ) lecture.

Because a single course cannot fully cover the automation of source code vulnerability assessments across diverse DevOps environments, we've created a separate course. The tools used to configure automated source code vulnerability assessments in each course are listed below.

Please take the course in an environment similar to the one currently used at your company.

DevSecOps Basic

  • DevSecOps theory and a proposed model for configuring a DevSecOps environment.

  • Automated source code vulnerability checking with Jenkins in a GitHub environment


DevSecOps SAST (/w GitLab)

  • DevSecOps theory

  • Configuring an automated source code vulnerability check environment in Jenkins + GitLab and in GitLab-only environments.


Learning Content

  • The course focuses on the basics of DevSecOps and on setting up a practical environment.

  • Section 1: What is DevSecOps?

  • Section 2: Configuring a CI Environment and Automated SAST (Source Code Vulnerability Checking) Scanning Environment in a CI Environment

  • Section 3: Monitoring Measures

Section (1) DevSecOps Basic

Let's take a look at what DevSecOps is and how to plan for its implementation in your environment.

Verify and configure the lecture example environment to introduce the basic DevSecOps environment.

Section (2) CI & SAST

This hands-on exercise demonstrates how to implement automated SAST (Source Code Vulnerability Scanning Tool) inspection in order to apply the "Sec" in a DevOps environment.

  • Tools used: Jenkins & GitLab

Section (3) Monitor

We propose a monitoring plan to confirm that automated SAST inspection keeps running normally once it is in place.

  • Tools used: Prometheus & Grafana

Things to note before taking the course

  • This course is for those who are considering moving from a basic DevOps environment to a DevSecOps environment, rather than implementing a DevSecOps environment that can be applied across various environments.

  • Through hands-on training, you will build a simple DevOps (CI/CD Pipeline) environment and configure an environment for automated SAST inspection in the built environment.

Practice environment

  • Operating System and Version (OS): Any environment in which Docker runs (Windows, Linux, OSX/Mac, etc.)

  • Tools used: Docker Desktop

  • PC specifications: A practical environment will be created using a total of five Docker images. Any specifications that can run approximately five Docker containers simultaneously are sufficient.

Learning Materials

  • Lecture materials are provided in PDF format, and the code required for practice is provided in the attached files for each lecture.


Prior Knowledge and Precautions

  • This course primarily introduces a method for building an automated SAST/DAST vulnerability inspection environment on top of a CI/CD pipeline, as part of building a DevSecOps environment.

  • Because we cannot cover every SAST/DAST tool, nor topics such as reducing false positive rates and improving detection rules for SAST/DAST, please treat this course as a reference for configuring an automated DevSecOps environment.
    - We plan to continue producing a series of lectures on the topic of DevSecOps, and we also plan to write basic content on reducing false positives and enhancing detection rules based on open source tools (e.g. SonarQube, ZAP).


Recommended for these people

Who is this course right for?

  • Anyone who wants to build a DevSecOps environment in their company

  • Anyone who is thinking about how to set goals and plans for building DevSecOps


Curriculum

13 lectures ∙ (1hr 54min)

Reviews

4 reviews, average rating 5.0

  • 최재혁 (Reviews 8, Average Rating 5.0): 5, 31% enrolled

  • 황다원 (Reviews 2, Average Rating 5.0): 5, 62% enrolled

  • 김민준 (Reviews 2, Average Rating 5.0): 5, 100% enrolled

    Following the GitHub one, I enjoyed this great lecture on GitLab too. I learned for the first time that GitLab, unlike GitHub, has its own built-in CI feature. Thank you for the great lecture, and I hope the DAST lecture becomes available soon, haha.

  • youngmin.shin (Reviews 9, Average Rating 5.0): 5, 100% enrolled

$38.50
