DevSecOps has gained considerable momentum in recent years. It integrates software development (Dev), information security (Sec), and IT operations (Ops) so that businesses increase the value delivered by software. This course provides an overview of DevSecOps; introduces essential practices, such as continuous integration / continuous deployment (CI/CD), that shorten the cycle from implementing a feature to its availability to users; and describes how to start a DevSecOps transformation.
This course is for anyone who develops or manages information technology (IT) systems and wants to break down barriers between teams (development, information security, and operations), to shorten the time to market of new IT capabilities and gain a competitive advantage in the industry, and to increase the dependability and security of IT services.
Overview
Syllabus
- Introduction
- What is DevSecOps? How did we get here? This module provides a brief overview of software processes (e.g., waterfall and agile), why many organizations are adopting DevSecOps to increase the business value being delivered by software, and the principles that underpin DevSecOps practices.
- The Three Ways
- The behaviors and practices of DevSecOps stem from three principles: the fast flow of planned work throughout the value stream, constant feedback at every stage in the process, and the creation of a generative culture that embraces continual learning. This module dives into each of these principles in more detail, illustrating the concepts with real-world examples related to manufacturing and technology as evidence of their applicability to different domains.
- Getting Started
- How do we start a DevSecOps transformation in our organization? When we're in trouble, we don't get many chances so we need to maximize our likelihood of success! Consequently, we should identify a value stream that supports our long-term objectives, carefully select who is involved in the transformation, and elevate existing constraints that limit our ability to scale.
- Project
- In this module, we'll apply DevSecOps practices in the context of developing a website. To do that, we'll introduce Git, a distributed version control system, and GitHub, a software development and project management platform; these two tools will be used extensively later in this specialization. Rather than developing the website from scratch, we'll use Jekyll, a static site generator, to convert Markdown files to web pages automatically. Finally, we'll introduce GitHub Actions to automate various tasks, from building the site to monitoring it in production.
Taught by
Joel Coffman