What you'll learn:
- Understand the core principles of DevSecOps and how they integrate into modern software delivery pipelines.
- Set up a complete learning environment using Google Cloud Platform, Kubernetes (GKE), and essential DevOps tools.
- Build a secure CI/CD pipeline using Jenkins, Helm, Docker, and Kubernetes.
- Implement Software Composition Analysis (SCA) using OWASP Dependency-Check, Pyraider, and Dependency-Track to identify and manage third-party risks.
- Apply Static Application Security Testing (SAST) using tools like slscan and integrate them into your CI/CD pipeline.
- Conduct Dynamic Application Security Testing (DAST) using OWASP ZAP during deployment stages to catch runtime vulnerabilities.
- Harden container images using Dockle, Trivy, and multi-stage Dockerfiles to reduce the attack surface.
- Manage sensitive credentials and enforce secure secrets injection using HashiCorp Vault with Kubernetes.
- Enforce system-level compliance and infrastructure hardening using InSpec and Ansible as Compliance-as-Code tools.
- Secure Kubernetes workloads by implementing security contexts, Pod security policies, resource limits, and runtime scanning tools like Falco.
- Build and deploy AI/ML and containerized applications securely using GitOps practices with ArgoCD.
- Automate runtime anomaly detection and remediation using Falco and Argo Workflows.
- Understand the Software Bill of Materials (SBOM) and integrate SBOM generation into your pipeline.
- Design an end-to-end secure DevOps pipeline for real-world applications, from code to production, with continuous security monitoring.
Are you building or deploying applications on Kubernetes? Whether you're a DevOps Engineer, Platform Engineer, or AI/ML Engineer, security can no longer be an afterthought.
This hands-on DevSecOps Bootcamp will help you build secure, production-ready CI/CD pipelines using open-source tools and industry best practices. Learn how to integrate security across the software development lifecycle and ensure your applications are secure by design.
We will walk you through step-by-step labs that combine Jenkins, Kubernetes, ArgoCD, Vault, Trivy, Falco, OWASP ZAP, and other essential tools used in modern DevSecOps workflows.
This course is ideal for teams building cloud-native applications, AI/ML models, or any containerized workload that needs to be deployed securely at scale.
What You Will Learn:
Core DevSecOps principles and the secure software delivery lifecycle
How to build a CI/CD pipeline with Jenkins on Kubernetes
Software Composition Analysis (SCA) using OWASP Dependency-Check, Pyraider, and Dependency-Track
Static and Dynamic Application Security Testing (SAST & DAST) using slscan and OWASP ZAP
Securing container images using Trivy, Dockle, and multi-stage Dockerfiles
Enforcing compliance as code using InSpec and Ansible
Secrets management using HashiCorp Vault and Kubernetes RBAC
Runtime security monitoring using Falco with automated response pipelines
Secure deployment workflows with GitOps using ArgoCD and Kubernetes
Tools and Technologies You Will Use:
Jenkins, Helm, Kubernetes (GKE), ArgoCD
Trivy, Dockle, OWASP ZAP, slscan, Pyraider
Vault, InSpec, Ansible, Falco, Argo Workflows
Docker, Kubernetes RBAC, GitHub, GitOps
Who Should Take This Course:
DevOps and Cloud Engineers who want to add security to their toolbelt
AI/ML Engineers deploying models and services on Kubernetes
Platform Engineers managing modern microservices at scale
Security Engineers transitioning to DevSecOps practices
Developers building containerized applications for production
This is not a theoretical course. You will be working on real-world labs and projects that simulate what modern engineering teams do to secure their software pipelines in production environments.
Whether you're deploying a machine learning model, a microservice, or a SaaS product — this course will help you ensure that your deployments are secure, scalable, and compliant.
