Hands-On DevSecOps: Secure CI/CD with Jenkins on AWS

Implement DevSecOps with SAST, SCA, and DAST using Sonar, Snyk, OWASP ZAP, and SonarQube in a Jenkins Pipeline.

What you'll learn
Integrate SAST using Sonarcloud (SAAS) in DevSecOps
Integrate SAST using SonarQube in DevSecOps
Integrate SCA scan using Snyk in Jenkins Pipeline
Build, Scan & Push Docker Image to AWS ECR
Deploy the Application (Docker Image) to EKS Cluster
Configure and setup of AWS EKS Cluster
Integrate DAST Scan using ZAP tool in Jenkins pipeline
Implemente Continuous Integration and Continuous Deployment with Jenkins Pipeline.

Requirements
Any Scripting Language Knowledge
Prior IT experience would be necessary to learn this technology

Description
DevSecOps stands for development, security, and operations. It is an extension of the DevOps practice. This course will cover everything you need to know to get started and be successful in DevSecOps. It includes hands-on demos, walkthroughs, quizzes, and presentations. The course provides downloadable source code and links to all the tools and websites mentioned so that you can use them in your local environment and follow along at your own pace.Key topics covered are:Module 1: Introduction of DevsecOpsIntroduction of DevsecOpsBenefits of DevSecOpsDevSecOps vs. DevOpsModule 2: Overview of Maven ToolMaven Lifecycle: Default, Clean & SiteRepositories used in MavenLab - Build the Springboot package in AWS EnvironmentLab: Location of Artifacts & built package dependenciesLab: Exploring pom.xml fileLab: Access the package applicationLab: Exploring dependencies of a built packageLab: Build LifecycleLab: Lab: Create a Web Application Project Using Maven Module 3: Integrate SAST using Sonarcloud (Software as a Service - SaaS) in DevSecOpsOverview of SAST - Static Application Security TestingCreate a Jenkins ServerInstall Maven, git, Java, Jenkins etc.Configure JenkinsInstall suggested PluginsDashboard of JenkinsIntegrate Maven with JenkinsBuild the package -  Springboot Maven Micro ProjectConfigure Sonarcloud - cloud-based clean codeAdd a stage Compile and Run the Sonar Analysis in Jenkins PipelineGenerate Security Tokens from SonarcloudSonar Code Analysis on Vulnerable Project (Bugs, Security issues)Module 4: Integrate SAST using SonarQube in DevSecOpsCreate a SonarQube ServerRun Sonarqube ServiceAccess SonarQube Server via URLInstall SonarQube Scanner PluginsIntegrate SonarQube with JenkinsJenkins Pipeline - Sonar Quality Check 1Jenkins Pipeline - Sonar Quality Check 2Module 5: Integrate SCA scan using Snyk in Jenkins PipelineAbout Snyk tool and benefitsInstall a CI server - Jenkins ServerInstall apache maven on CI ServerAccess the CI Server - Jenkins ServerConfigure the Jenkins ServerCreate a admin user account on Jenkins ServerCreate an account on snyk toolAdd snyk-maven-plugin in pom.xmlRun SCA analysis using snykSCA analysis report using snykModule 6: Build, Scan & Push Docker Image to AWS ECRBuild, Scan & Push Docker Image (Application)  to AWS ECRModule 7: Deploy the Docker image to a server (Continuous Deployment)Module 8: Deploy the Application (Docker Image) to EKS ClusterSetup of AWS EKS ClusterCreate a Client to access EKS ClusterConfigure AWS CLI CredentialsCheck Cluster status using CLIUpdate kubeconfig fileInstall KubectlInstall EksctlTroubleshooting - invalid apiVersion errorCreate Node group for EKS ClusterCompute EKS ClusterAdd a new project in Jenkins PipelineCreate and attach a role to EKS ClientSetup sshagent in Jenkins pipelineCopy files from Jenkins server to EKS ClientCreate a secret keyTroubleshootingExecute the application manuallyAdd a stage to copy the pod deployment fileRun the final pipeline - complete CICDModule 9: Integrate DAST Scan using ZAP tool in Jenkins pipelineAbout ZAP toolAdd a stage in Jenkins PipelineInstallation of ZAP toolZAP commandAdd a stage to copy zap script in Jenkins PipelineAdd a stage of DAST using ZAP tool in Jenkins PipelineExecute the Jenkins job for DAST ScanAnalyze the console logs of Jenkins JobAccess the zap report using web pageDelete the running eks cluster

Who this course is for:
IT Professionals, Solutions Architect, Software Testers, DevOps Engineer, Application Developers