Linux Practical DevSecOps (LF-DSO)

Practical DevSecOps course using GitLab CI/CD, Kubernetes, ArgoCD, and monitoring tools.

Description

This course comprehensively covers key tools in the DevSecOps ecosystem. Participants will be guided in understanding the concepts and practical implementation of GitLab CI/CD for development and delivery automation. Additionally, they will learn about Kubernetes as a container orchestration platform, ArgoCD for efficient application management, and performance monitoring tools like Grafana and Prometheus for data analysis and visualization. The course also includes code analysis with SonarQube to identify and fix code issues and implement better coding practices. Participants will gain practical skills in implementing and managing these DevOps tools in a production context.

Why Take This Course?

  • Master Complete DevSecOps Practices

    Learn the full DevSecOps lifecycle, from secure development and CI/CD to deployment and monitoring in modern container environments.

  • Enhance Security and Automation Skills

    Gain expertise in code testing, vulnerability analysis, and pipeline automation to keep applications secure and reliable.

  • Advance Your Career in Cloud and DevOps

    Acquire practical skills that can be applied immediately to real-world projects, boosting your professional value in the DevOps and cloud industry.

Facilities

  • Hands-on Lab Environment – Train using dedicated virtual machines with full access to lab resources via Jumpserver (RDP & SSH), enabling real-world practice throughout the training.
  • Downloadable Lab Environment – Continue practicing after the training with our VM Lab Downloader (.qcow2), allowing you to run the lab environment on your own machine.
  • Complete Learning Materials – Get comprehensive digital training materials and a handbook with up to 1 year access, plus a certificate of course completion.
  • Post-Training Support – Continue learning after the class with access to training records (for online sessions) and community discussion groups to help reinforce your skills.

Trainer

Naufal

Cloud Engineer

Jenkins, Git, Bitbucket

View LinkedIn

Syllabus

Introduction DevSecOps
  • Overview of DevOps
  • Overview of Security Tools on DevOps Cycle
  • Overview of Testing Tools DevOps Cycle
  • DevOps Frameworks
  • Lab: Setup Lab Environment
  • Lab: Exploring DevSecOps Environment
  • Lab: Basic Operations with Jira and Gitlab
  • Lab: Exploring Containerization with Harbor
  • Lab: Registering Runner
Secure Software Development Life Cycle (SSDLC)​
  • What is Secure SDLC (SSDLC) ?
  • DevSecOps Maturity Model (DSOMM)
  • Risk Assessment
  • Threat Modelling
DevSecOps Code
  • What is Software Component Analysis (SCA) ?
  • Static and Dynamic Code Analysis
  • Dependency-Check for Vulnerability Assessment
  • Trivy to Vulnerability Scanner
  • Lab: Static Code Analysis with Sonarqube
  • Lab: Software Composition Analysis (SCA) with Dependency-Check
  • Lab: Container Image Vulnerability Scanner with Trivy
  • Quis 3
CI/CD
  • Overview of CI/CD
  • Building an Effective Pipelines
  • Plan Management Project with Jira
  • Plan Management Integrations Pipeline CI/CD
  • Lab: Preparing Application Repositories
  • Lab: Planning CI/CD Pipeline with Jira
  • Lab: Creating Initial CI Pipeline in Gitlab
  • Quiz 4
DevSecOps Pipeline
  • Overview of DevSecOps Pipeline
  • What is Static Application Security Testing (SAST) ?
  • What is SonarQube
  • Integrating SonarQube for Continuous Code Quality
  • Lab: Adding Unit Tests to Pipeline
  • Lab: Adding SCA Dependency Check to Pipeline
  • Lab: Adding SAST SonarQube to Pipeline
  • Lab: Build and Push Container Images
  • Lab: Adding Container Image Vulnerability Scanning to Pipeline
  • Quiz 5
DevSecOps Deployment​
  • Helm for Kubernetes Packaging
  • Streamlined Kubernetes Deployments
  • Rollback Strategies Application on GitOps
  • Lab: Create Helm Chart for Applications
  • Lab: Deploying Applications to Kubernetes using ArgoCD and Helm
  • Lab: Implementing Continuous Deployment to Staging and Production with ArgoCD
  • Lab: Rolling Back Kubernetes Deployments with ArgoCD
  • Quiz 6
DevSecOps Testing
  • What is Dynamic Application Security Testing ?
  • Automated Security Testing : OWASP ZAP
  • Quantitative and Qualitative Analysis
  • Lab: Dynamic Application Security Testing with OWASP ZAP
  • Lab: Adding DAST OWASP ZAP to Pipeline
Monitoring and Logging
  • Log Monitoring Definition
  • Streamlining Error Tracking with Sentry
  • Streamlining Incident Management
  • Lab: Configuring Infrastructure Monitoring Tools
  • Lab: Configuring Logs to Grafana
  • Lab: Integrate Microsoft Teams Notifications to GitLab
  • Lab: Implementing Error Tracking for Applications Using Sentry
  • Fasilitas Pasca Pelatihan

Common Questions

Is there a minimum number of participants required for the training to run?

Yes, the training can be conducted with a minimum of 4 participants. If the number of participants does not meet the minimum requirement, you may contact us for further information on the available options.

Is it possible to customize the training materials?

Yes, the training materials can be customized based on your needs. The topics are not limited to Cloud, CloudSecOps, and DevSecOps.

Available Training

Accelerate Your Professional Growth

Category DevOps
Duration None
Level Advanced
Method Offline / Online / In-house
Download Syllabus

Need help?

Contact our team for corporate training inquiries.

Phone Icon Chat on WhatsApp

Related Courses

Course Image
Pro Training

Linux Practical DevOps (LF-DOS)

CI/CD course with Docker, Kubernetes, Git, Jenkins, and deployment pipelines

Intermediate

modules

10 Modules

duration

None

Course Image
Pro Training

Jenkins Administration (JK-ADM)

Jenkins training on CI/CD, pipelines, security, agents, and Docker automation

Intermediate

modules

9 Modules

duration

None

Training Request Form

Please fill in the details below to request a training session.

PIC Information
Company Information
Training Details