Security test automation in CI/CD pipelines


About the workshop

Properties

title: Security test automation in CI/CD pipelines

duration: 1 day (6 hours of instruction)

developed by: Riccardo ten Cate

Agenda

  • Security test automation

    • Introduction to Docker

    • Containerize the security tooling

    • Setting up a docker registry

    • Introduction into CI tools

    • Setting up a scripted pipeline

    • Security test automation philosophy

    • How to pick the right tools for the right job

    • Integrating the tools into the CI pipeline

  • Code quality testing

    • Introduction to Sonarqube

    • Check for dead code

    • Check for duplicated code

    • Check for over-complex code

  • Handling metric results at scale

    • Introduction to the vulnerability management tools (VMT)

    • Delta reporting with the VMT

    • False positive suppression with the VMT

    • Learn to read and understand the tooling metrics

    • Learn how to do active verification on the metrics

  • Iteration and optimization of the pipeline

    • Kubernetes introduction

    • Optimize the pipeline with Kubernetes

  • Introduction to Behaviour-Driven Development (BDD) testing

    • Calabash introduction

Trainers