title: Security test automation in CI/CD pipelines
duration: 1 day (6 hrs education time)
developed by: Riccardo ten Cate
Security test automation
Introduction to Docker
Containerize the security tooling
Setting up a Docker registry
Introduction to CI tools
Setting up a scripted pipeline
Security test automation philosophy
How to pick the right tools for the right job
Integrating the tools into the CI pipeline
Code quality testing
Introduction to SonarQube
Check for dead end code
Check for repudiated code
Check for over-complex code
Handling metric results on a large scale
Introduction to the vulnerability management tools (VMT)
Delta reporting with the VMT
False positive suppression with the VMT
Learn to read and understand the tooling metrics
Learn how to do active verification on the metrics
Iteration and optimization of the pipeline
Kubernetes introduction
Optimize the pipeline with Kubernetes
Intro to Behaviour-Driven Development, BDD-type testing
Calabash introduction