About the workshop

Properties

title: Security test automation in CI/CD pipelines

duration: 1 day (6hrs education time)

developed by: Riccardo ten Cate​

Related courses

• ​Docker security​

• ​Mobile testing automation​

Agenda

• Security test automation

  • Introduction to Docker

  • Containerize the security tooling

  • Setting up a docker registry

  • Introduction into CI tools

  • Setting up a scripted pipe-line

  • Security test automation philosophy

  • How to pick the right tools for the right job

  • Integrating the tools into the CI pipe-line

• Code quality testing

  • Introduction to Sonarqube

  • Check for dead end code

  • Check for repudiated code

  • Check for over-complex code

• Handling metric results on large scale

  • Introduction to the vulnerability management tools (VMT)

  • Delta reporting with the VMT

  • False positive suppression with the VMT

  • Learn to read and understand the tooling metrics

  • Learn how to do active verification on the metrics

• Iteration and optimization of the pipeline

  • Kubernetes introduction

  • Optimize the pipe-line with Kubernetes

• Intro to Behaviour-Driven Development, BDD-type testing

  • Calabash introduction

Trainers

• ​Riccardo ten Cate​