Course Outline
Introduction to DevSecOps for Government
- The significance of integrating security into the DevOps process for government agencies.
- Key principles and practices of DevSecOps for ensuring secure software development and deployment.
Continuous Integration (CI) Security for Government
- Securing code repositories, including GitLab integration with Jenkins for enhanced security in government operations.
- Automated code quality and security analysis using SonarQube to ensure compliance and reliability in government applications.
- Incorporating static code analysis as part of the Jenkins CI pipeline to identify and mitigate vulnerabilities early in the development cycle.
Container Security with Docker for Government
- Creating secure Docker images for government systems to prevent unauthorized access and ensure data integrity.
- Managing Docker image repositories with Harbor to maintain version control and security compliance.
- Best practices for vulnerability scanning and image version control to protect government applications from emerging threats.
Setting up Secure CI/CD Pipelines for Government
- Configuring Jenkins for security integration to support secure continuous delivery processes in government agencies.
- Running a SonarQube analysis to ensure code quality and security standards are met for government applications.
- Generating and securing Docker images to facilitate reliable and secure deployments in government environments.
Securing the Deployment Process with Kubernetes for Government
- Security practices for Kubernetes orchestration to protect government systems during deployment.
- The role of Kubernetes Orchestrator in ensuring secure progressive deployment for government applications.
- Implementing Role-Based Access Control (RBAC) and securing service communication to enhance security in government Kubernetes clusters.
Integrating RabbitMQ, PostgreSQL, and MongoDB for Government
- Secure communication between services to ensure data integrity and confidentiality in government systems.
- Data security practices for PostgreSQL and MongoDB to protect sensitive government information.
- Hardening RabbitMQ for secure messaging to prevent unauthorized access and ensure reliable message delivery in government applications.
Identity and Access Management with Keycloak for Government
- Configuring Keycloak for user authentication and authorization to manage access to government resources securely.
- Managing identity for Kubernetes clusters to ensure secure and compliant access control in government environments.
Implementing Security in Kubernetes for Government
- Deploying applications securely on Kubernetes to meet the stringent security requirements of government operations.
- Integrating Keycloak with Docker and Kubernetes for comprehensive identity management in government systems.
Monitoring and Auditing in DevSecOps for Government
- Continuous monitoring tools and techniques to detect and respond to security incidents in real-time within government environments.
- Auditing deployments and maintaining compliance with regulatory requirements for government agencies.
- A practical guide to automating rollback on security failures to ensure the integrity and availability of government systems.
Summary and Next Steps for Government
Requirements
- An understanding of the DevOps process for government
- Basic working knowledge of Docker containers and Kubernetes orchestration
Audience
- DevOps professionals in the public sector
Testimonials (2)
Craig was extremely involved in the training, always making sure we are paying attention, adapted the examples to our day-to-day activities and always provided an answer when asked, even if the information was not added in the presentation.
Ecaterina Ioana Nicoale - BOOKING HOLDINGS ROMANIA SRL
Course - DevOps Foundation®
High level of commitment and knowledge of the trainer
