Learning Path: DevSecOps

Github Actions for DevSecOps

GitHub Actions is an API that’s used to automate, customize, and execute software development workflows right in your GitHub repository. Developers and security professionals have found ways to use Actions to implement automation and CI/CD workflows in DevSecOps. This course is a deep dive into the use of GitHub Actions in DevSecOps, with practical learning through hands-on labs.

We begin by learning about DevSecOps and GitOps, where you’ll create your own custom GitHub Action. You’ll even create an Actions-driven workflow for Continuous Integration. We then explore DevSecOps with GitHub Actions with the help of cookbook-style labs, where you’ll implement SAST and SCA workflows, as well as automate DAST Checks with GitHub Actions.

This course is a distillation of years of security testing experience, knowledge, and original research across our entire team. We’ve designed our material and labs to reflect real-world techniques and challenges, making it easy for you to gain serious practical experience in automating DevSecOps workflows. When you’ve completed this course, you can implement what you’ve learned in effectively implementing Security in DevOps.

Proficiency: Beginner
Audience: DevSecOps
Course Duration: 4 hours
31 lessons
3 Cloud Labs

Course Outline

  • Course Introduction
  • Course Pre-requisites
  • Introduction: Git and DevOps
  • Benefits of GIt
  • Git in CI and CD
  • GitOps
  • Github Security Integrations
  • Github Security Tour
  • Scanning Repos with CodeQL
  • Github Actions: Intro and Overview
  • Your First GitHub Action
  • Secrets and Runners
  • Github Actions – Continuous Integration
  • OWASP ZAP and GitHub Actions – Preamble