Security test automation in CI/CD pipelines
duration: 1 day (6hrs education time)
- Security test automation
- Introduction to Docker
- Containerize the security tooling
- Setting up a Docker registry
- Introduction to CI tools
- Setting up a scripted pipeline
- Security test automation philosophy
- How to pick the right tools for the right job
- Integrating the tools into the CI pipeline
- Code quality testing
- Introduction to SonarQube
- Check for dead end code
- Check for repudiated code
- Check for over-complex code
- Handling metric results at large scale
- Introduction to the vulnerability management tools (VMT)
- Delta reporting with the VMT
- False positive suppression with the VMT
- Learn to read and understand the tooling metrics
- Learn how to do active verification on the metrics
- Iteration and optimization of the pipeline
- Kubernetes introduction
- Optimize the pipeline with Kubernetes
- Intro to Behaviour-Driven Development, BDD-type testing
- Calabash introduction