DevSecOps with SAST, SCA, DAST Using Jenkins on AWS - Hands On
Published 5/2024
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 kHz
Language: English | Size: 2.00 GB | Duration: 4h 43m
Implement DevSecOps with SAST, SCA, and DAST using the tools Sonar, Snyk, OWASP ZAP, and SonarQube within a Jenkins pipeline
What you'll learn
Integrate SAST using Sonarcloud (SaaS) in DevSecOps
Integrate SAST using SonarQube in DevSecOps
Integrate SCA scan using Snyk in Jenkins Pipeline
Build, Scan & Push Docker Image to AWS ECR
Deploy the Application (Docker Image) to EKS Cluster
Configure and set up an AWS EKS Cluster
Integrate DAST Scan using ZAP tool in Jenkins pipeline
Implement Continuous Integration and Continuous Deployment with a Jenkins Pipeline
Requirements
Any Scripting Language Knowledge
Prior IT experience would be necessary to learn this technology
Description
DevSecOps stands for development, security, and operations. It is an extension of the DevOps practice. This course will cover everything you need to know to get started and be successful in DevSecOps. It includes hands-on demos, walkthroughs, quizzes, and presentations. The course provides downloadable source code and links to all the tools and websites mentioned so that you can use them in your local environment and follow along at your own pace.
Key topics covered are:
Module 1: Introduction of DevsecOps
Introduction of DevsecOps
Module 2: Overview of Maven Tool
Maven Lifecycle: Default, Clean & Site
Repositories used in Maven
Lab - Build the Springboot package in AWS Environment
Lab: Location of Artifacts & built package dependencies
Lab: Exploring pom.xml file
Lab: Access the package application
Lab: Exploring dependencies of a built package
Lab: Build Lifecycle
Lab: Create a Web Application Project Using Maven
Module 3: Integrate SAST using Sonarcloud (Software as a Service - SaaS) in DevSecOps
Overview of SAST - Static Application Security Testing
Create a Jenkins Server
Install Maven, git, Java, Jenkins etc.
Configure Jenkins
Install suggested Plugins
Dashboard of Jenkins
Integrate Maven with Jenkins
Build the package - Springboot Maven Micro Project
Configure Sonarcloud - cloud-based clean code
Add a stage Compile and Run the Sonar Analysis in Jenkins Pipeline
Generate Security Tokens from Sonarcloud
Sonar Code Analysis on Vulnerable Project (Bugs, Security issues)
Module 4: Integrate SAST using SonarQube in DevSecOps
Create a SonarQube Server
Run Sonarqube Service
Access SonarQube Server via URL
Install SonarQube Scanner Plugins
Integrate SonarQube with Jenkins
Jenkins Pipeline - Sonar Quality Check 1
Jenkins Pipeline - Sonar Quality Check 2
Module 5: Integrate SCA scan using Snyk in Jenkins Pipeline
About Snyk tool and benefits
Install a CI server - Jenkins Server
Install apache maven on CI Server
Access the CI Server - Jenkins Server
Configure the Jenkins Server
Create an admin user account on Jenkins Server
Create an account on snyk tool
Add snyk-maven-plugin in pom.xml
Run SCA analysis using snyk
SCA analysis report using snyk
Module 6: Build, Scan & Push Docker Image to AWS ECR
Build, Scan & Push Docker Image (Application) to AWS ECR
Module 7: Deploy the Docker image to a server (Continuous Deployment)
Module 8: Deploy the Application (Docker Image) to EKS Cluster
Setup of AWS EKS Cluster
Create a Client to access EKS Cluster
Configure AWS CLI Credentials
Check Cluster status using CLI
Update kubeconfig file
Install Kubectl
Install Eksctl
Troubleshooting - invalid apiVersion error
Create Node group for EKS Cluster
Compute EKS Cluster
Add a new project in Jenkins Pipeline
Create and attach a role to EKS Client
Setup sshagent in Jenkins pipeline
Copy files from Jenkins server to EKS Client
Create a secret key
Troubleshooting
Execute the application manually
Add a stage to copy the pod deployment file
Run the final pipeline - complete CICD
Module 9: Integrate DAST Scan using ZAP tool in Jenkins pipeline
About ZAP tool
Add a stage in Jenkins Pipeline
Installation of ZAP tool
ZAP command
Add a stage to copy zap script in Jenkins Pipeline
Add a stage of DAST using ZAP tool in Jenkins Pipeline
Execute the Jenkins job for DAST Scan
Analyze the console logs of Jenkins Job
Access the zap report using web page
Delete the running eks cluster
Overview
Section 1: Introduction
Lecture 1 Introduction
Section 2: Apache Maven Tool
Lecture 2 Introduction Maven Tool
Lecture 3 Maven - Build Lifecycles
Lecture 4 Types of Repositories
Lecture 5 Apache Maven Installation
Lecture 6 Clone the Spring Boot Project to Maven Server
Lecture 7 Validate and package the Source Code
Lecture 8 Lab - Explore pom.xml file
Lecture 9 Lab - Explore pom.xml file
Lecture 10 Lab: Access Spring Boot Application
Lecture 11 Lab: Investigating Dependencies of a Compiled Package
Lecture 12 Lab: Building the Lifecycle
Lecture 13 Lab : Deploy Springboot-webapplication
Section 3: Integrate SAST using Sonarcloud in DevSecOps
Lecture 14 Overview of SAST - Static Application Security Testing