Let's Talk
Back

About Cprime Cprime, a Goldman Sachs and Everstone Capital portfolio company, is more than just a full-service consulting firm – we are your strategic partner for driving innovation and agility in your business. With over two decades of experience, we have honed our expertise to help organizations adapt at the speed the market demands.

Back

Training From new ways of working to deeply technical tools-based topics, leverage 30 years of experience to bridge skills gaps, empower excellence, and foster innovation for unmatched growth.

Back Enterprise Agility Development Business Technology Training Global Talent
Back

Enterprise Agility Need to respond to change faster? To do more with less? To surpass your competition? Adopting a holistic approach to change and continuous improvement across the organization can achieve all that and more Learn more >

Back

Global TalentElevate your pool of talent to beat the global tech talent shortage and remain competitive in the marketplace with end-to-end solutions for enhancing your tech teams Learn more >

Back

Development Support lean, cost-effective workflows focused on delivering value to your customer by leveraging individual specialists or entire teams of experienced software engineers to build custom applications and integrations Learn more >

Back

Business Technology Establish the optimal tool stacks to streamline workflows, data capture, and transparency across the organization, supporting decision making and agility Learn more >

Back

Training From new ways of working to deeply technical tools-based topics, leverage 30 years of experience to bridge skills gaps, empower excellence, and foster innovation for unmatched growth. Cprime Learning >

Pages

Courses

ALL COURSES

Resources

ALL RESOURCES

Blogs

ALL BLOGS

Courses

ALL COURSES

Certifications

ALL CERTIFICATIONS

Instructors

ALL INSTRUCTORS

DevSecOps CI/CD Pipeline | DevSecOps Course Builder

When a developer writes code, the only way to ensure that code works as it’s supposed to is to test it, but testing is time-consuming and so sometimes testing just doesn’t happen the way it needs to (you know who you are :).  Without proper testing, bad code can cause seriously expensive production-down issues.  This class teaches how to automate code building, testing, and deploying so your developers can focus on updating and creating new applications without worrying if they’ve broken something along the way.

While your developer is working on their DevOps Pipeline, hackers are continually trying to disrupt your business.  We teach your developers and operations engineers how to build DevSecOps and Security Scanning directly into the DevOps Pipeline.  This process (known as Shift Left) catches known vulnerabilities before they can disrupt your business or your development process.

Then we teach your teams how to detect vulnerabilities once your application is up and running in production.  If a hacker breaks into your infrastructure and even into your applications, we’ll show you how to continually monitor your apps for hacker-driven mutations so you can protect your business and your customers around the clock.

This course teaches exactly how to implement DevOps CI/CD & DevSecOps throughout the entire application creation and deployment process, catching known vulnerabilities during development (SAST) and while the application is actively running (DAST).  Students will learn how to create and use an end-to-end CI/CD pipeline to build, lint, test, and deploy vulnerability-free, secure, and approved code, at every stage of the Software Development Lifecycle.

Course Agenda 

  • Git source and version control management. This course will teach you the fundamentals of using git so you can effectively share, collaborate, backup, and version any code.  We’ll scan all code as it is pushed to Git for known vulnerabilities.
  • SAST (Static Application Security Testing). You will learn about OWASP (Open Web Application Security Project) and the top known vulnerabilities from which you need to protect your applications, as well as exactly how to do this. You’ll integrate SAST into your DevOps Pipeline, including how to stop a pipeline build when a vulnerability is discovered, and you’ll learn how to manage false positives. Third-party libraries are code developers get from other places. We’ll scan that code as well.
  • Configuration management. We’ll teach you how to configure and spin up servers (web, database, load balancer, or any application servers), using a configuration management tool and code stored in git.
  • Testing and continuous integration /  continuous deployment. Learn to integrate git and configuration management with a CI/CD tool to build, test, and deploy code into test, staging, and production environments, creating an automated end-to-end DevOps pipeline. We’ll use CI/CD to drive Security scanning so every push of code verifies a vulnerability-free application.
  • DAST (Dynamic Application Security Testing). No matter how hard you work to protect your code, someone could potentially break into your running application in Production. We’ll show you how to continually and dynamically scan running applications to make sure you are safe from the beginning of the code development process to the final customer experience.

No prior DevOps knowledge is required.

Choose the exact toolchain you want below and generate a course outline, or choose the ‘generic’ options for a tool-neutral outline:

Need Help?

Contact our training experts