Security test automation in CI/CD pipelines

About the workshop

Properties

title: Security test automation in CI/CD pipelines
duration: 1 day (6hrs education time)
developed by: Riccardo ten Cate

Agenda

  • Security test automation
    • Introduction to Docker
    • Containerize the security tooling
    • Setting up a docker registry
    • Introduction into CI tools
    • Setting up a scripted pipe-line
    • Security test automation philosophy
    • How to pick the right tools for the right job
    • Integrating the tools into the CI pipe-line
  • Code quality testing
    • Introduction to Sonarqube
    • Check for dead end code
    • Check for repudiated code
    • Check for over-complex code
  • Handling metric results on large scale
    • Introduction to the vulnerability management tools (VMT)
    • Delta reporting with the VMT
    • False positive suppression with the VMT
    • Learn to read and understand the tooling metrics
    • Learn how to do active verification on the metrics
  • Iteration and optimization of the pipeline
    • Kubernetes introduction
    • Optimize the pipe-line with Kubernetes
  • Intro to Behaviour-Driven Development, BDD-type testing
    • Calabash introduction

Trainers

Last modified 2yr ago