Learning Path: DevSecOps

Static Analysis (SAST) and Code Review for DevSecOps

Practically everyone uses open source software and libraries, including major organizations. But regardless of how safe people think they are, we need to be sure it’s not compromising our applications. Source Composition Analysis (SCA) is how we test the security of all the open source components of our software.

In Source Composition Analysis for DevSecOps, you’ll learn everything there is to know about SCA and how it ties into a sustainable DevOps practice. We’ll be taking you through some of the most popular SCA tools, as well as automating a Software Bill of Materials (SBOM). We’ll even learn how to use CycloneDX to manage our SBOM.

Finally, we’ll learn how to conduct a comprehensive NPM audit in our practical labs. The course features hands-on lab exercises where you will integrate SCA into a CI pipeline, as well as tracking and monitoring software components in a CI platform.

Our learning material is backed by years of security testing experience, knowledge, and original research across our entire security team. That’s why we’ve chosen to focus on showing you practical, real-world strategies and techniques that bring you closer to a successful DevSecOps implementation.

Beginner Proficiency
DevSecOps Expert
4 hours
25 lessons
5 Cloud Labs

Course Outline

  • Course Introduction
  • Course Pre-requisites
  • Pre-Commit Security
  • SAST Types and Tools
  • SAST – Regex and AST
  • Good Rules of SAST
  • Semantic Grep and QL
  • SAST Automation Approaches