Basic Understanding of DevSecOps with AWS
What’s in this series?
Real-world usage of DevOps & DevSecOps tools.
How tools like Jenkins, Docker, Kubernetes, and Terraform work together.
Security practices using tools like SonarQube and Trivy.
Simple examples to help beginners understand.
A full month of daily learning posts!
Let’s Start with Day-1
What is DevSecOps?
DevSecOps stands for Development, Security, and Operations. It’s a culture and approach where security is added into every stage of software development, rather than waiting till the end.
Why it matters:
Traditionally, security checks used to happen only after development. But by then, fixing issues was costly and time-consuming. DevSecOps helps detect security issues early, saving time and money and reducing risk.
Example:
A team using DevSecOps runs security scans (like Trivy or SonarQube) every time code is pushed to GitHub. If there’s a security flaw, the build fails — and developers fix it before the code goes further.
What is SDLC (Software Development Life Cycle)?
SDLC is the step-by-step process followed to develop software:
Planning
Design
Development
Testing
Deployment
Maintenance
Why it matters:
Having a clear SDLC helps teams build software in a structured and organized way. It reduces errors, improves quality, and keeps everyone on the same page.
Example:
Imagine building a mobile app. First, you gather requirements (planning), then design the screens (design), write code (development), test the app (testing), release it on the app store (deployment), and then keep fixing issues and updating features (maintenance).
What is CI/CD?
CI/CD stands for:
Continuous Integration (CI): Developers merge their code frequently, and the system automatically builds and tests the app.
Continuous Delivery/Deployment (CD): After testing, the app is automatically deployed to staging or production.
Why it matters:
CI/CD ensures faster and more reliable releases. You can catch bugs early and release updates more often with confidence.
Example:
Using Jenkins or GitHub Actions, code changes can be automatically built, tested, and deployed to an AWS server every time a developer makes a change.
Here are the tools and topics I’ll be covering, along with how they are used in a DevSecOps pipeline:
🐧 Linux
Used for managing servers, running containers, scripting, and almost everything in DevOps. Knowing basic commands is crucial for DevOps engineers.
GitHub
Version control tool used to store, manage, and collaborate on source code. Integrates with CI/CD tools to trigger builds when code is pushed.
☁️ AWS (Amazon Web Services)
Cloud platform to deploy, scale, and manage applications. Commonly used services in DevOps workflows include VPC, EC2, S3, and IAM.
SonarQube – Code Quality & Security Testing
Analyzes source code to detect bugs, code smells, and vulnerabilities. Ensures code quality before deployment.
Build Tools – Maven & NPM
Used to build projects and manage dependencies:
Maven: Mostly for Java applications
NPM: For Node.js applications
🐳 Docker – Containerization
Packages applications into lightweight containers. Helps run apps consistently across environments.
Trivy – Docker Image Scanning
Scans Docker images for vulnerabilities. Helps identify risks before pushing images to production.
☸️ Kubernetes – Container Orchestration
Manages and scales Docker containers. Automates deployment, scaling, and management of containerized apps.
⚙️ Ansible – Configuration Management
Used to automate server setup, deployments, and updates. Ensures consistent environments across multiple servers.
Jenkins – CI/CD Automation
Automates code builds, testing, and deployments. Acts as the backbone for CI/CD pipelines in most DevOps projects.
Terraform – Infrastructure as Code
Used to provision and manage cloud infrastructure using code. Helps automate and scale cloud resources on providers such as AWS, Azure, and GCP.
Thank You