DevSecOps & CI/CD for Beginners
- This training is being held virtually via Zoom.
- Each daily session will start at 9:00 AM and finish at 5:00 PM. All times are in the Central Time Zone.
- Instructor: Sundar Sinnappan
- FedEx Employees are eligible to use tuition reimbursement
- These classes can be paid for by invoice billing to your cost center or by you personally. Please obtain manager approval to use the cost center in writing (email).
**Update: Deferred payment is no longer available at the University of Memphis if you are using tuition reimbursement. You will need to pay for the course prior to the course start date (a payment link will be emailed to you) or you will not be allowed into the class. The only invoice payments that are allowed is when the course will be paid for by your cost center.**
All trainings are NONREFUNDABLE within 14 days of the training’s scheduled start date. Attendees who wish to cancel within the 14-day nonrefundable period will need to email Rami Lotay (firstname.lastname@example.org) and give a detailed explanation as to why they cannot possibly attend, as they will still be liable for payment in full.
Please note that submitting your information on the wait list does not automatically reserve your spot. You will have to register/pay for training via a separate registration portal.
OVERVIEW & OBJECTIVES
DevSecOps (Development, Security, and Operations) is rapidly becoming a staple development process for many businesses and the demand for the talent and skills is on the rise. DevSecOps is an approach that combines application development and operations to produce high quality and secure software. This course will introduce the commonly used concepts and terminologies in DevSecOps such as Test Driven Development, code analysis, quality and security monitoring and improvement, release strategies and technical debt reductions.
To conceptualize the theories of DevSecOps and CI/CD (Continuous Integration and Continuous Deployment), participants can take advantage of hands-on exercises using live CI/CD pipeline tools such as Gradle, Gitlab, Jenkins, and SonarQube. These exercises are designed to help participants with no previous experience and background in CI/CD. Step-by-step instructions will guide the participants to work with the pre-built software projects and observe the entire life cycle: code change, analyze code quality and vulnerability to launching of newly built software.
There is a short assessment at the of the course with multiple retakes allowed. Participants will be awarded with Certificate of Completion from the University of Memphis upon passing the assessment.
Note: This introductory course is not intended for individuals to be experts in setting up CI/CD pipeline.
DevSecOps & CI/CD Workshop Outline
The first half of the course will discuss the following:
- Evolution of DevSecOp
- 5 Pillars/Principles of DevOps Framework: Culture, Automation, Lean, Measurement, and Sharing
- Technologies enabling/Supporting DevSecOps
- Virtual Machines
- Ephemeral Environment
- Service Virtualization
Second half of the course will discuss the following:
- CI/CD Pipeline stages
- Version Control / Gitlab
- TDD (Test Drive Development)
- Code Quality components, specifically code coverage
- SonarQube: Quality monitoring and enforcement
- Code security: Vulnerabilities analysis and remediation
- Deployment strategies
* Where possible participants will experiment majority of the CI/CD tools and components listed above in a live CI/CD environment.
At the conclusion of the above topics, participants will be given the opportunity to work on a few hands-on exercises; making changes to a pre-configured software package and utilizing the entire CI/CD pipeline. This activity is completely optional.
WHO SHOULD ATTEND
Anyone who wants to be familiar with automation tools that can help monitor quality and security.