How to Create a DevSecOps CI/CD Pipeline

Want to get into the world of DevSecOps? In this video we go over important DevSecOps principles like SCA, SAST, SBOM, and secret scanners, and removing vulnerabilities by reducing your security footprint with distroless images.



📘 Chapters:
0:00 Intro
1:13 Shifting Security Left
3:25 DevSecOps Pipeline whiteboarding
16:45 Lab Intro
19:54 Finding Vulnerabilities using Docker Scout
27:10 Secure Distroless Images
32:25 Generating SBOM (Software Bill of Materials)


Comments

What are your favorite DevSecOps tools? LMK!

DevOpsJourney

I completely agree with the statement made at 16:40. I've got more than a decade of experience in securing DevOps, but most organisations don't have this practice.

ranjansoumyab

🎉 I loved every bit of the video. Clear and precise... watching all over again. Thanks a million... Waiting for part 2 😊

samhaddison

Thanks for the simple and clean explanation where to start with secops. Great tutorial!

yyev

Thank you for sharing your experience in detail and requesting you to make these kind of knowledgebase videos.

akshaygp

Great video and explanation at the beginning of the video!

realamrutpatil

Thank you for sharing an awesome video 🙂

DK-vhkt

This is great, loved it. How do we measure the authenticity of the SBOM generated? And also, can you show us how to integrate other security tools such as Snyk and Veracode into the pipeline? Thanks in advance.

saivarun

Nice information, sir. Would like to know how to implement it with pre-commit and block the commit.

baivabmukhopadhyay

Great video.
I'm also interested: which theme are you using for your terminal?

hookahel

Thank you so much for your informative video. I think you need to change the Dockerfile and remove the line "CMD ["nginx", "-g", "daemon off;"]" from it. Otherwise you get an error "nginx: invalid option: "nginx"" and your container will exit.

DevOpsPi

Why do DevSecOps positions require so much experience when it seems this simple? And great video, by the way, it helped me a lot.

AnsonHopkins

Would love some coverage of how to go from having none of this to implementing some of it. It's not overnight. Takes a lot of time. My company wants to 'shift left' for the support function but struggles to understand the need in the dev team. I'm at the point where I've got Azure DevOps doing some basic builds and deployments but nowhere near being able to use containers or anything. Most of our stuff is Windows services or IIS :/

stevejohnny

My container is not running after adding CVEs and SBOM commands. It's exiting instead of running when I execute the script. How to resolve this and get my container running?

HarshitaAggarwal

ZAP is not OWASP anymore.

From Wikipedia:
"As of August 1, 2023, the ZAP development team announced that ZAP was leaving the OWASP Foundation to join The Software Security Project, as a founding project [7][8] and henceforth will be simply called ZAP. "

MikeZadik

Hello, I came across this amazing video on DevSecOps. Can anyone help me with where to find the GitHub repo he mentions in the video?

kuchambiatud

Could you please share the flowchart you have created?

Games-zone

Pushing security towards developers. First improvement, ban AI coding tools.

MadalinIgnisca