1 - Build a Continuous Integration Pipeline (26:01)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/tree/feature/starting-code
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/tree/feature/03.01-build-ci

4 - Pre-commit Hook for Secret Scanning & Integrating GitLeaks in CI Pipeline (19:47)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/tree/feature/03.04-gitleaks

6 - Integrate SAST Scans in Release Pipeline (20:31)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/tree/feature/03.06-sast

1 - Generate Security Scanning Reports (09:20)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/blob/feature/04.01-scan-reports

2 - Introduction to DefectDojo, Managing Security Findings, CWEs (25:15)
DefectDojo
Image: https://hub.docker.com/r/defectdojo/defectdojo-django
Demo: https://demo.defectdojo.org/
CWE
CWE List: https://cwe.mitre.org/data/definitions/699.html
OWASP Top 10 Mapping: https://cwe.mitre.org/data/definitions/1344.html

3 - Automate Uploading Security Scan Results to DefectDojo (29:00)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/tree/feature/04.03-upload-reports

4 - Fix Security Issues Discovered in the DevSecOps Pipeline (16:16)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/tree/feature/04.04-remediate

1 - Software Composition Analysis - Security Issues in Application Dependencies (15:02)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/tree/feature/05.01-sca

3 - Integrate CI/CD Pipeline with AWS ECR (19:38)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/tree/feature/06.03-ecr

4 - Configure Application Deployment Environment on EC2 Server (08:39)
Commands to configure EC2 application server

    # Update package repos
    sudo apt update

    # Install Docker on Ubuntu 22.04
    sudo apt install docker.io -y

    # Add ubuntu user to docker group
    sudo usermod -aG docker ubuntu

    # Install AWS CLI
    sudo apt install awscli -y

5 - Deploy Application to EC2 Server with Release Pipeline (15:46)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/blob/feature/06.05-ec2-deploy

6 - Configure Self-Managed GitLab Runner for Pipeline Jobs (14:12)
Commands to configure GitLab runner instance

    # Update package repos
    sudo apt update

    # Install GitLab Runner
    curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash
    sudo apt install gitlab-runner -y

    # Install Docker on Ubuntu 22.04
    sudo apt install docker.io -y

    # Add gitlab-runner & ubuntu users to docker group
    sudo usermod -aG docker gitlab-runner
    sudo usermod -aG docker ubuntu

    # Install AWS CLI
    sudo apt install awscli -y

    # Register runner
    sudo gitlab-runner register \
      --url "https://gitlab.com/" \
      --token "registration-token-here" \
      --executor "shell"

2 - Configure Automated Security Scanning in Application Image (14:00)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/blob/feature/07.02-image-scan

3 - Analyze & Fix Security Issues from Findings in Application Image (17:21)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/tree/feature/07.03-image-fixes

4 - Secure Continuous Deployment to Server using SSM (12:55)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/blob/feature/09.04-ssm

8 - Configure Automated DAST Scans in CI/CD Pipeline (22:21)
https://gitlab.com/twn-devsecops-bootcamp/latest/juice-shop/-/tree/feature/09.08-dast

2 - Terraform Script for AWS Infrastructure Provisioning (18:53)
https://gitlab.com/twn-devsecops-bootcamp/latest/infra-automation

4 - Build CI/CD Pipeline for Infrastructure Code using GitOps Principles (13:17)
https://gitlab.com/twn-devsecops-bootcamp/latest/infra-automation/-/tree/feature/final-code