Devsecops With Sast, Sca, Dast Using Jenkins On Aws-Hands On
Published 5/2024
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English
| Duration: 4h 43m
Implement DevSecOps by SAST, SCA, DAST using tools Sonar, Snyk, OWASP ZAP, and SonarQube within a Jenkins Pipeline
What you'll learn
Integrate SAST using Sonarcloud (SAAS) in DevSecOps
Integrate SAST using SonarQube in DevSecOps
Integrate SCA scan using Snyk in Jenkins Pipeline
Build, Scan & Push Docker Image to AWS ECR
Deploy the Application (Docker Image) to EKS Cluster
Configure and setup of AWS EKS Cluster
Integrate DAST Scan using ZAP tool in Jenkins pipeline
Implemente Continuous Integration and Continuous Deployment with Jenkins Pipeline.
Requirements
Any Scripting Language Knowledge
Prior IT experience would be necessary to learn this technology
Description
DevSecOps stands for development, security, and operations. It is an extension of the DevOps practice. This course will cover everything you need to know to get started and be successful in DevSecOps. It includes hands-on demos, walkthroughs, quizzes, and presentations. The course provides downloadable source code and links to all the tools and websites mentioned so that you can use them in your local environment and follow along at your own pace.Key topics covered are:Module 1: Introduction of DevsecOpsIntroduction of DevsecOpsModule 2: Overview of Maven ToolMaven Lifecycle: Default, Clean & SiteRepositories used in MavenLab - Build the Springboot package in AWS EnvironmentLab: Location of Artifacts & built package dependenciesLab: Exploring pom.xml fileLab: Access the package applicationLab: Exploring dependencies of a built packageLab: Build LifecycleLab: Lab: Create a Web Application Project Using Maven Module 3: Integrate SAST using Sonarcloud (Software as a Service - SaaS) in DevSecOpsOverview of SAST - Static Application Security TestingCreate a Jenkins ServerInstall Maven, git, Java, Jenkins etc.Configure JenkinsInstall suggested PluginsDashboard of JenkinsIntegrate Maven with JenkinsBuild the package - Springboot Maven Micro ProjectConfigure Sonarcloud - cloud-based clean codeAdd a stage Compile and Run the Sonar Analysis in Jenkins PipelineGenerate Security Tokens from SonarcloudSonar Code Analysis on Vulnerable Project (Bugs, Security issues)Module 4: Integrate SAST using SonarQube in DevSecOpsCreate a SonarQube ServerRun Sonarqube ServiceAccess SonarQube Server via URLInstall SonarQube Scanner PluginsIntegrate SonarQube with JenkinsJenkins Pipeline - Sonar Quality Check 1Jenkins Pipeline - Sonar Quality Check 2Module 5: Integrate SCA scan using Snyk in Jenkins PipelineAbout Snyk tool and benefitsInstall a CI server - Jenkins ServerInstall apache maven on CI ServerAccess the CI Server - Jenkins ServerConfigure the Jenkins ServerCreate a admin user account on Jenkins ServerCreate an account on snyk toolAdd snyk-maven-plugin in pom.xmlRun SCA analysis using snykSCA analysis report using snykModule 6: Build, Scan & Push Docker Image to AWS ECRBuild, Scan & Push Docker Image (Application) to AWS ECRModule 7: Deploy the Docker image to a server (Continuous Deployment)Module 8: Deploy the Application (Docker Image) to EKS ClusterSetup of AWS EKS ClusterCreate a Client to access EKS ClusterConfigure AWS CLI CredentialsCheck Cluster status using CLIUpdate kubeconfig fileInstall KubectlInstall EksctlTroubleshooting - invalid apiVersion errorCreate Node group for EKS ClusterCompute EKS ClusterAdd a new project in Jenkins PipelineCreate and attach a role to EKS ClientSetup sshagent in Jenkins pipelineCopy files from Jenkins server to EKS ClientCreate a secret keyTroubleshootingExecute the application manuallyAdd a stage to copy the pod deployment fileRun the final pipeline - complete CICDModule 9: Integrate DAST Scan using ZAP tool in Jenkins pipelineAbout ZAP toolAdd a stage in Jenkins PipelineInstallation of ZAP toolZAP commandAdd a stage to copy zap script in Jenkins PipelineAdd a stage of DAST using ZAP tool in Jenkins PipelineExecute the Jenkins job for DAST ScanAnalyze the console logs of Jenkins JobAccess the zap report using web pageDelete the running eks cluster
Overview
Section 1: Introduction
Lecture 1 Introduction
Section 2: Apache Maven Tool
Lecture 2 Introduction Maven Tool
Lecture 3 Maven - Build Lifecycles
Lecture 4 Types of Repositories
Lecture 5 Apache Maven Installation
Lecture 6 Clone the Spring Boot Project to Maven Server
Lecture 7 Validate and package the Source Code
Lecture 8 Lab - Explore pom.xml file
Lecture 9 Lab - Explore pom.xml file
Lecture 10 Lab: Access Spring Boot Application
Lecture 11 Lab: Investigating Dependencies of a Compiled Package
Lecture 12 Lab: Building the Lifecycle
Lecture 13 Lab : Deploy Springboot-webapplication
Section 3: Integrate SAST using Sonarcloud in DevSecOps
Lecture 14 Overview of SAST - Static Application Security Testing
Lecture 15 Create a Jenkins Server
Lecture 16 Install Maven, git, Java, Jenkins etc.
Lecture 17 Configure Jenkins
Lecture 18 Install suggested Plugins
Lecture 19 Dashboard of Jenkins
Lecture 20 Integrate Maven with Jenkins
Lecture 21 Checkout - Springboot Maven Micro Project
Lecture 22 Build the package - Springboot Maven Micro Project
Lecture 23 Configure Sonarcloud - cloud-based clean code
Lecture 24 Add a stage Compile and Run the Sonar Analysis in Jenkins Pipeline
Lecture 25 Generate Security Tokens from Sonarcloud
Lecture 26 Sonar Code Analysis on Vulnerable Project (Bugs, Security issues)
Section 4: Integrate SAST using SonarQube in DevSecOps
Lecture 27 Create a SonarQube Server
Lecture 28 Run Sonarqube Service
Lecture 29 Access SonarQube Server via URL
Lecture 30 Install SonarQube Scanner Plugins
Lecture 31 Integrate SonarQube with Jenkins
Lecture 32 Jenkins Pipeline - Sonar Quality Check 1
Lecture 33 Jenkins Pipeline - Sonar Quality Check 2
Section 5: Integrate SCA scan using Snyk in Jenkins Pipeline
Lecture 34 About Snyk tool and benefits
Lecture 35 Install a CI server - Jenkins Server
Lecture 36 Install apache maven on CI Server
Lecture 37 Access the CI Server - Jenkins Server
Lecture 38 Configure the Jenkins Server
Lecture 39 Create a admin user account on Jenkins Server
Lecture 40 Create an account on snyk tool
Lecture 41 Add snyk-maven-plugin in pom.xml
Lecture 42 Run SCA analysis using snyk
Lecture 43 SCA analysis report using snyk
Section 6: Build, Scan & Push Docker Image to AWS ECR
Lecture 44 Overview of the Project
Lecture 45 Lab - 1
Lecture 46 Lab - 2
Lecture 47 Lab - 3
Lecture 48 Lab - 4
Lecture 49 Lab - 5
Lecture 50 Lab - 6
Section 7: Deploy the Docker image to a server for continuous deployment
Lecture 51 Set up a server to deploy the Docker image
Lecture 52 Lab - 1
Lecture 53 Lab - 2
Lecture 54 Lab - 3
Lecture 55 Lab - 4
Section 8: Deploy the Application (Docker Image) to EKS Cluster
Lecture 56 Setup of AWS EKS Cluster
Lecture 57 Create a Client to access EKS Cluster
Lecture 58 Configure AWS CLI Credentials
Lecture 59 Check Cluster status using CLI
Lecture 60 Update kubeconfig file
Lecture 61 Install kubectl
Lecture 62 Install Eksctl
Lecture 63 Troubleshooting - invalid apiVersion error
Lecture 64 Create Node group for EKS Cluster
Lecture 65 Compute EKS Cluster
Lecture 66 Add a new project in Jenkins Pipeline
Lecture 67 Create and attach a role to EKS Client
Lecture 68 Setup sshagent in Jenkins pipeline
Lecture 69 Copy files from Jenkins server to EKS Client
Lecture 70 Create a secret key
Lecture 71 Troubleshooting
Lecture 72 Execute the application manually
Lecture 73 Add a stage to copy the pod deployment file
Lecture 74 Run the final pipeline - complete CICD
Section 9: Integrate DAST Scan using ZAP tool in Jenkins pipeline
Lecture 75 About ZAP tool
Lecture 76 Add a stage in Jenkins Pipeline
Lecture 77 Installation of ZAP tool
Lecture 78 ZAP command
Lecture 79 Add a stage to copy zap script in Jenkins Pipeline
Lecture 80 Add a stage of DAST using ZAP tool in Jenkins Pipeline
Lecture 81 Execute the Jenkins job for DAST Scan
Lecture 82 Analyze the console logs of Jenkins Job
Lecture 83 Access the zap report using web page
Lecture 84 Delete the running eks cluster
Lecture 85 Last lecture
IT Professionals,Solutions Architect,Software Testers,DevOps Engineer,Application Developers
Free search engine download: DevSecOps with SAST SCA DAST using Jenkins on AWSHands On
