DevSecOps Tutorial for Beginners | CI Pipeline with GitHub Actions and Docker Scout

139,359 plays
DevSecOps Project | DevSecOps Pipeline for Python project with GitHub Actions - SAST Scan & Container Image Scanning | Discover security vulnerabilities of Python application in CI pipeline

💜 4-month DevSecOps Bootcamp: https://bit.ly/3RaK8KP
💙 6-month DevOps Bootcamp: https://bit.ly/483Iott

#devsecops #githubactions #techworldwithnana

🙌 Thanks Progress for supporting this video! 🙌
Automate and Enforce Compliance with Chef: https://prgress.co/chef-compliance

DevSecOps is a set of practices, concepts and tools that combines software development (Dev), security (Sec), and IT operations (Ops) into a single, integrated process. The goal of DevSecOps is to incorporate security into every stage of the software development lifecycle, from design and development to testing and deployment, rather than treating security as a separate and isolated concern.

▬▬▬▬▬▬ L I N K S 🔗 ▬▬▬▬▬▬
► OWASP vulnerable Python app: https://owasp.org/www-project-pygoat
► Forked project: https://github.com/nanuchi/devsecops-crash-course-pygoat
► Docker Scout Links:
  - Docker Scout: https://docs.docker.com/scout/
  - Docker Scout CLI: https://docs.docker.com/engine/reference/commandline/scout/
  - Docker Scout GitHub Action: https://github.com/docker/scout-action

▬▬▬▬▬▬ Course Pre-Requisites ▬▬▬▬▬▬
💡 DevOps, GitHub Actions, CI/CD Basics
👉 GitHub Actions Tutorial: https://youtu.be/R8_veQiYBjI
👉 What is DevSecOps in 8 minutes: https://youtu.be/nrhxNNH5lt0

▬▬▬▬▬▬ What you'll learn in this DevSecOps crash course ✅ ▬▬▬▬▬▬
► Understanding why the DevSecOps concept emerged
► What is DevSecOps
► How DevSecOps works in practice
► DevSecOps Concepts and tools
► Understand what SAST, SCA, DAST, Secret Scanning, and Container Image Scanning are
► DevSecOps Demo: Build DevSecOps Pipeline with GitHub Actions
► How to configure SAST Scan with Bandit
► How to configure Container Image Scanning with Docker Scout
► How to generate scan reports
► How to analyze scan reports
► Next Steps to continue your DevSecOps Learning

▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬
00:00 - Intro and Course Overview
01:06 - Importance of Security
06:43 - Before DevSecOps: Security as Afterthought
07:36 - What is DevSecOps
09:40 - How DevSecOps works in Practice: DevSecOps Tools
15:51 - Shifting Security Left
19:19 - DevSecOps DEMO
19:26 - Demo Overview
21:05 - Workflow Templates
22:55 - Configure SAST Scan
31:25 - Analyze scan results
35:18 - Ignore Low Severity Issues
37:40 - Generate Scan Report
44:00 - Configure Image Scanning with Docker Scout
57:27 - Analyze scan results
01:04:12 - Reuse existing GitHub Action for Docker Scout
01:12:57 - Where to go from here
01:16:45 - Next Steps - Cloud and Kubernetes Security

▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬
INSTAGRAM ► https://bit.ly/2F3LXYJ
TWITTER ► https://bit.ly/3i54PUB
LINKEDIN ► https://bit.ly/3hWOLVT
Facebook group ► https://bit.ly/32UVSZP