Overview
The DevSecOps and CI/CD Best Practices course is designed to enable professionals to implement modern practices for continuous integration (CI), continuous delivery (CD), and security integrated into the software development lifecycle (DevSecOps). Participants will learn to automate development, testing, security, and deployment processes, ensuring higher quality, agility, and compliance in software deliveries.
The training covers concepts, architectures, tools, pipeline automation, code security, infrastructure, containers, cloud, and governance, aligning development, operations, and security in a continuous and efficient flow.
Course Content
Module 1: DevSecOps Fundamentals
- Introduction to DevOps and DevSecOps
- DevSecOps Culture and Mindset
- Shift Left Security Principles
- Software Development Lifecycle (SDLC)
- Security Integration Across the SDLC
- DevSecOps Roles and Responsibilities
- DevSecOps Reference Architectures
Module 2: Version Control and Source Code Management
- Git Fundamentals
- Branching Strategies
- Git Flow and Trunk-Based Development
- Pull Requests and Code Reviews
- Secure Repository Management
- Secrets Management Best Practices
- Repository Governance and Policies
Module 3: Continuous Integration Best Practices
- CI Concepts and Architecture
- Automated Build Pipelines
- Build Validation Processes
- Unit Testing Automation
- Artifact Management
- Quality Gates Implementation
- Build Optimization Techniques
Module 4: Secure Code Analysis
- Static Application Security Testing (SAST)
- Secure Coding Principles
- SonarQube Integration
- Code Quality Metrics
- Security Vulnerability Detection
- OWASP Top 10 Overview
- Secure Development Workflows
Module 5: Dependency and Supply Chain Security
- Software Supply Chain Security
- Software Bill of Materials (SBOM)
- Dependency Scanning Techniques
- Vulnerability Management
- Open Source Risk Assessment
- OWASP Dependency-Check
- Supply Chain Attack Prevention
Module 6: Container Security
- Docker Security Fundamentals
- Secure Container Image Creation
- Container Vulnerability Scanning
- Trivy Security Scanning
- Container Hardening Techniques
- Registry Security Best Practices
- Runtime Security Concepts
Module 7: Infrastructure as Code Security
- Infrastructure as Code Fundamentals
- Terraform Security Best Practices
- IaC Scanning and Validation
- Policy as Code Concepts
- Secure Infrastructure Provisioning
- Compliance Automation
- Infrastructure Governance
Module 8: Continuous Delivery and Deployment
- Continuous Delivery Fundamentals
- Continuous Deployment Strategies
- Blue-Green Deployments
- Canary Releases
- Rolling Updates
- Release Management Automation
- Deployment Risk Mitigation
Module 9: Kubernetes Security
- Kubernetes Architecture Review
- Kubernetes Security Fundamentals
- RBAC Implementation
- Network Policies
- Pod Security Standards
- Secret Management
- Kubernetes Hardening Techniques
Module 10: GitOps and Deployment Automation
- GitOps Principles
- Argo CD Fundamentals
- Declarative Deployments
- Environment Management
- Configuration Drift Detection
- Automated Rollback Strategies
- GitOps Security Practices
Module 11: Monitoring, Observability and Security Operations
- Monitoring CI/CD Pipelines
- Application Observability
- Prometheus Fundamentals
- Grafana Dashboards
- Log Management
- Security Event Monitoring
- Incident Detection and Response
Module 12: Governance, Compliance and DevSecOps Best Practices
- Compliance Frameworks Overview
- Security Policies and Controls
- Risk Management Processes
- Audit Readiness
- DevSecOps Maturity Models
- Enterprise DevSecOps Governance
- End-to-End DevSecOps Best Practices
Module 13: Hands-On DevSecOps Project
- Build a Complete CI/CD Pipeline
- Integrate SAST and Dependency Scanning
- Secure Container Build Process
- Implement Infrastructure as Code Validation
- Deploy Applications Using GitOps
- Configure Monitoring and Security Controls
- End-to-End DevSecOps Workflow Validation
- Final Project Presentation and Review