00:00 Introduction to DevSecOps Journey
01:15 What is DevOps Exactly?
02:48 The Shift to DevSecOps
05:52 The Developer Workflow Explained
08:53 Inside the CI/CD Pipeline
09:52 Jenkins: The Automation Engine
11:28 Git Checkout and Build Phase
13:30 Secret Detection (GitLeaks Check)
14:53 File System Scanning (Trivy)
15:57 Understanding CVEs (Vulnerabilities)
16:47 Running Automated Tests
17:36 Static Code Analysis (SonarQube)
20:02 Building Deployment Artifacts
21:15 Docker Image Scanning
22:27 What is an SBOM?
25:15 Deployment to Non-Prod Environments
26:47 Production Deployment Approvals
27:28 Penetration Testing (DAST)
30:20 End-to-End Pipeline Sequence
36:59 The Shift Left Security Approach
37:48 Pipeline Security Controls Review
40:18 Outage Scenario: Uncaught Code Bugs
42:43 Detecting SQL Injection Automatically
44:08 Environment-Specific Pipeline Strategies
46:14 Homework: Build a Local Pipeline