No video :(

DevSecOps Tutorial for Beginners | CI Pipeline with GitHub Actions and Docker Scout

Подписаться 1,1 млн

Просмотров 98 тыс.

50% 1

DevSecOps Project | DevSecOps Pipeline for Python project with GitHub Actions - SAST Scan & Container Image Scanning | Discover security vulnerabilities of Python application in CI pipeline
💜 4-month DevSecOps Bootcamp: bit.ly/3RaK8KP
💙 6-month DevOps Bootcamp: bit.ly/483Iott
#devsecops #githubactions #techworldwithnana
🙌 Thanks Progress for supporting this video!
🙌 Automate and Enforce Compliance with Chef: prgress.co/che...
DevSecOps is a set of practices, concepts and tools that combines software development (Dev), security (Sec), and IT operations (Ops) into a single, integrated process. The goal of DevSecOps is to incorporate security into every stage of the software development lifecycle, from design and development to testing and deployment, rather than treating security as a separate and isolated concern.
▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬
► OWASP vulnerable Python app: owasp.org/www-...
► Forked project: github.com/nan...
► Docker Scout Links:
- Docker Scout: docs.docker.co...
- Docker Scout CLI: docs.docker.co...
- Docker Scout GitHub Action: github.com/doc...
▬▬▬▬▬▬ Course Pre-Requisites ▬▬▬▬▬▬
💡 DevOps, GitHub Actions, CI/CD Basics
👉 GitHub Actions Tutorial: • GitHub Actions Tutoria...
👉 What is DevSecOps in 8 minutes: • What is DevSecOps? Dev...
▬▬▬▬▬▬ What you’ll learn in this DevSecOps crash course ✅ ▬▬▬▬▬▬
► Understanding why DevSecOps concept emerged
► What is DevSecOps
► How DevSecOps works in practice
► DevSecOps Concepts and tools
► Understand what SAST, SCA, DAST, Secret Scanning, Container Image Scanning is
► DevSecOps Concepts and tools
► DevSecOps Demo: Build DevSecOps Pipeline with GitHub Actions
► How to configure SAST Scan with Bandit
► How to configure Container Image Scanning with Docker Scout
► How to generate scan reports
► How to analyze scan reports
► Next Steps to continue your DevSecOps Learning
▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬
00:00 - Intro and Course Overview
01:06 - Importance of Security
06:43 - Before DevSecOps: Security as Afterthought
07:36 - What is DevSecOps
09:40 - How DevSecOps works in Practice: DevSecOps Tools
15:51 - Shifting Security Left
19:19 - DevSecOps DEMO
19:26 - Demo Overview
21:05 - Workflow Templates
22:55 - Configure SAST Scan
31:25 - Analyze scan results
35:18 - Ignore Low Severity Issues
37:40 - Generate Scan Report
44:00 - Configure Image Scanning with Docker Scout
57:27 - Analyze scan results
01:04:12 - Reuse existing GitHub Action for Docker Scout
01:12:57 - Where to go from here
01:16:45 - Next Steps - Cloud and Kubernetes Security
▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬
INSTAGRAM ► bit.ly/2F3LXYJ
TWITTER ► bit.ly/3i54PUB
LINKEDIN ► bit.ly/3hWOLVT
Facebook group ► bit.ly/32UVSZP

Опубликовано:

14 авг 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 68

@TechWorldwithNana 8 месяцев назад

What is your experience in DevSecOps? Have you already encountered it in any of your projects? 🤔 If this tutorial was helpful for you, definitely would appreciate if you like and share it😊💙

@juanmarioparra 8 месяцев назад

You are awesome.

@yktronix9959 7 месяцев назад

Dear Nana, I have been working since June 2022 as a DevOps Engineer and I achieved it thanks to your invaluable videos and courses. I have an 18-year-old daughter who is training in IT studying with your videos. It makes me very happy that you are about to reach one million subscribers. You deserve it. Thank you for everything you offer to the community. God bless you.

@TechWorldwithNana 7 месяцев назад

Thank you for sharing this, such messages mean a lot 😊 It's so great to hear that your daughter is pursuing a career in IT too! All the best to you and your daughter! 💙

@lbf5984 8 месяцев назад

I am in procurement and we contract out a lot of DevSecOps Engineers, appreciate learning what they actually do!

@TechWorldwithNana 8 месяцев назад

That's interesting, thanks for sharing!

@willst101 8 месяцев назад

Thank you Nana for even more awesome content. You are a treasure to the DevOps/DevSecOps community!

@TechWorldwithNana 8 месяцев назад

Thank you, appreciate your feedback! :)

@mo.dia97 8 месяцев назад

That's very kind of you to provide the DevSecOps Tutorial fundamentals before enrolling in the course "Which I highly recommend❤" Thank you nana for your hard work you always make our life easier

@TechWorldwithNana 8 месяцев назад

Thank you, that's great to hear! :)

@chakravarthyk9921 Месяц назад

Hi Nana im working as a Principal Architect for DevOps, i strongly recommended your channel and videos to our new joiners .. Loved the way of connecting the dots. Thank you so much for making our DevSecOps Journey easier.

@vpunde1 3 месяца назад

Tbh,, One of the best explanation in detailed simple words which make you understand the concept thoroughly . i will Definitely look after the entire course.. and recommended to my peers too.. thank you Nana..!😊

@tdjtomas 8 месяцев назад

Very clear explanation from Nana! Thank you!

@thomash.8297 8 месяцев назад

Thanks for this Tutorial! Perfect for beginners.

@erionomeri007 8 месяцев назад

Very nice and to the point DevSecOps tutorial. Always enjoy your work, thanks and best wishes on the future ones.

@TechWorldwithNana 8 месяцев назад

Happy to hear! :)

@withtresor 8 месяцев назад

best video, i start now to learn a DevOps. your videos is interesting and important for me, thanks you so much.

@heikoavalos1423 8 месяцев назад

Thank you for this wonderful content, there's a lot of concepts that I can start to incorporate into my knowledge base

@zenobikraweznick 8 месяцев назад

Amazing , high quality stuff, thank you!

@niksatan 8 месяцев назад

Nana, unbelivable, I just today was thinking about this!

@TechWorldwithNana 8 месяцев назад

:D Hope it was helpful!

@tamishverma2261 8 месяцев назад

Extremely good and awesome to get basic understanding

@Learn_IT_with_Azizul 8 месяцев назад

very useful. But, any full project helps lots to face the job interview in DevsecOps. Hopefully, more contents coming from your end. Thank You

@9876rabi123456789 8 месяцев назад

Very, very happy to see you again😊😊😊😊😊😊😊😊😊

@ZufarExplained 8 месяцев назад

Great video, thank you!

@TechWorldwithNana 8 месяцев назад

My pleasure :)

@ScottMooreConsultingLLC 8 месяцев назад

Great tutorial. Now can you do one on DevPerfOps? Since both security and performance are only operational requirements within development, if Security gets its own silo designation within DevOps, Performance should as well.

@sagarahire-ys3uj 8 месяцев назад

Awesome as always but must say takes big heart to release such content for free...Appreciate ur efforts

@TechWorldwithNana 8 месяцев назад

Thank you, appreciate your kind words!

@TamilTV2 7 месяцев назад

Excellent.. Effortless... very useful..

@alberthien3720 8 месяцев назад

Great job keep it up ❤

@thedeparted_one 8 месяцев назад

Nana is so awesome!

@AungBaw 8 месяцев назад

Thank you for this teaser.

@fazalhayat7848 8 месяцев назад

Good Work. Appreciate your work. Nine Work. Learnt a lot from you. Thank you.

@TechWorldwithNana 8 месяцев назад

Thank you! :)

@Kojo-l6d 3 месяца назад

If you run into an issue where the "Docker Setup" Fails - In the Dockerfile on line 8 change dnsutils 'deb10u9' > 'deb10u10' and the pipeline should not fail building the image 53:24

@kareer4genz 8 месяцев назад

Hi nana, can you make a video or guide paid projects for azure devops and devsecops, for hands-on experience

@ISAF87 3 месяца назад

Big fan for testing and security. Here we have an annual pentest being done by a 3rd party. What is your take on 3rd party (software) doing the scanning of your codebase? That in itself is another attack vector, just like nuget packages used from 3rd parties. Do you validate who wrote the scanner, where they are located, what they are doing with the scanned sourcecode etc?

@jacobphillips9235 8 месяцев назад

Thanks!

@jacobphillips9235 8 месяцев назад

Thank you Nana! You ROCK!

@TechWorldwithNana 8 месяцев назад

Thank you Jacob, appreciate your support! :)

@kristof9497 8 месяцев назад

Thank you

@collinsm8263 5 месяцев назад

Awesome video. Please where and how can I get hold of your DevSecOps bootcamp material.?Thank you

@yuvaraniboopathy5530 7 месяцев назад

Hi Nana, I decided to switch my career from non-IT to IT, I have 4.5 years of experience in the non-IT healthcare (BPO) domain. I'm very versatile and proficient in my current job but still am not getting enough pay. so kindly advise what I need to start learning and where to start what are the important skills 1 must have to join into an IT career, and what are the fundamental stuff to crack an IT job interview, it's really confusing so many technology terms are there. I have all the spaces and resources to learn but the thing is the tech category has so much stuff like an ocean I only have a drop of water-level knowledge :(

@shaunakkakade1325 8 месяцев назад

Can you cover OPA Rego technology that pretty much achieves policy enforcement on Terraform Cloud configs? As an example, lets say you dont want to allow opening up firewall port 8182 for GCP firewall through Terraform for anyone. Without OPA, this was not much achievable as anyone can create PR and if somebody approves, it gets pushed to Prod. OPA will pretty much block that PR itself stating this isn't allowed.

@pavelulitin283 7 месяцев назад

Regarding the pipeline. In the "Build Docker Image" step we build the image on the GitHub runner. In the next step of “Docker Scout Scan” we check the image in the remote repository. Can anyone tell me - shouldn't a push to the remote repository be performed between these two actions, so that later we can run a vulnerability check? Thanks in advance

@arozendojr 7 месяцев назад

Is it possible to place all requests, header and body between the microservices in Jaeger, without modifying the pod code?

@rishiraj2548 8 месяцев назад

Thanks

@buildoncloud 7 месяцев назад

Hi Nana, thanks for this awesome course. What are you using to make these animation and slides?

@ransfordmensah4486 5 месяцев назад

My scripted CI code could not commit changes, below was the error I encountered "There was an error committing your changes: File could not be edited"

@johndoe20975 8 месяцев назад

Is it in plan to make Golang big course? thanks

@TechWorldwithNana 8 месяцев назад

No, for now it's not planned

@zenobikraweznick 8 месяцев назад

29:40 - let's be paranoid for a moment, what if this bandit package is compromised already or has been tampered with (in such a way so that even maintainers do not know about it yet) and sends ALL your code to a 3rd party servers ? ;-)

@Marsell88 7 месяцев назад

sounds solid...

@mahermostafa8245 8 месяцев назад

What about number of hours to certified in this track

@caodangtinh180889 8 месяцев назад

Nana, may I know the tool you used to create the presentation?

@TechWorldwithNana 8 месяцев назад

We use Screenflow for screen recording and video editing

@caodangtinh180889 8 месяцев назад

Thanks for the info@@TechWorldwithNana

@sunny_m 8 месяцев назад

This is more of Github Actions and workflows creation than devsecops.

@3004atul 8 месяцев назад

Please show your face also during tutorial it will enhance user view as beauty and brain combination is good.

@arnaudfrancktaptuekuate5367 8 месяцев назад

Waiting for devsecops in azure devops 😂

@illegalsmirf 8 месяцев назад

All of this devops-derived stuff is really starting to sound ridiculous now.

@karthikjmoger478 8 месяцев назад

What? What's ridiculous in this. Don't look the title. Vice president in banks does engineering works. Look for the technology

@devinbartley5768 6 месяцев назад

As a practitioner of DevHogDelSecOps specializing in optimizing operations to secure delivery of hogs across the tri-state region I resent this comment.