Cloud Flight Simulator Part 1: GitLab CI, Workflows, and Secrets
1 هزار بار بازدید -
6 ماه پیش
-
Before you can help DevOps
Before you can help DevOps teams solve security problems and improve their security programs, you need to understand how they think, how they work, and the tools that they use. Join SEC540: Cloud Security & DevSecOps Automation authors and instructors Ben Allen, Eric Johnson, and Jon Zeolla for a 4 Part Cloud Security Flight Simulator series.
In Part 1, SEC540 lead author and instructor Eric Johnson holds a discussion on Continuous Integration (CI). The 2023 SANS DevOps Survey estimates that nearly 60% of DevOps teams are using version control systems with integrated continuous integration (CI) capabilities such as GitHub and GitLab. In this webcast, you will learn how to create a GitLab CI workflow that deploys a container to a Kubernetes cluster. Along the way, we will explore how GitLab CI uses OpenID Connect (OIDC) identity tokens to authenticate with other cloud services, such as HashiCorp Vault and Kubernetes, to deploy the container.
Explore the rest of the Cloud Flight Simulator Series:
Part 2: Protecting Kubernetes Clusters with Admission
https://www.sans.org/webcasts/cloud-f...
Part 3: Safeguarding the Software Supply Chain
https://www.sans.org/webcasts/cloud-f...
Part 4: Least Privileged Pods with Kubernetes Workloads
https://www.sans.org/webcasts/cloud-f...
Learn more about SANS SEC540: Cloud and DevSecOps Automation course at https://www.sans.org/cyber-security-c...
About the Speaker: Eric Johnson
Eric is a Co-founder and Principal Security Engineer at Puma Security and a Senior Instructor with the SANS Institute. His experience includes cloud security assessments, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is the lead author and an instructor for SEC540: Cloud Security and DevSecOps Automation and a co-author and instructor for both SEC549: Enterprise Cloud Security Architecture, and SEC510: Public Cloud Security: AWS, Azure, and GCP. Additionally, Eric is a SANS Security Awareness Developer Training Advisory Board Member and SANS Analyst for Application Security and DevSecOps Surveys. Read more about Eric at https://www.sans.org/profiles/eric-jo...
SANS Cloud Security focuses the deep resources of SANS on the growing threats to The Cloud by providing training, GIAC certification, research, and community initiatives to help security professionals build, deploy and manage secure cloud infrastructure, platforms, and applications.
SANS Cloud Security Curriculum: www.sans.org/cloud-security
GIAC Cloud Security Certifications: https://www.giac.org/focus-areas/clou...
LinkedIn: LinkedIn: sanscloudsec
Discord: www.sansurl.com/cloud-discord
Twitter: @SANSCloudSec
In Part 1, SEC540 lead author and instructor Eric Johnson holds a discussion on Continuous Integration (CI). The 2023 SANS DevOps Survey estimates that nearly 60% of DevOps teams are using version control systems with integrated continuous integration (CI) capabilities such as GitHub and GitLab. In this webcast, you will learn how to create a GitLab CI workflow that deploys a container to a Kubernetes cluster. Along the way, we will explore how GitLab CI uses OpenID Connect (OIDC) identity tokens to authenticate with other cloud services, such as HashiCorp Vault and Kubernetes, to deploy the container.
Explore the rest of the Cloud Flight Simulator Series:
Part 2: Protecting Kubernetes Clusters with Admission
https://www.sans.org/webcasts/cloud-f...
Part 3: Safeguarding the Software Supply Chain
https://www.sans.org/webcasts/cloud-f...
Part 4: Least Privileged Pods with Kubernetes Workloads
https://www.sans.org/webcasts/cloud-f...
Learn more about SANS SEC540: Cloud and DevSecOps Automation course at https://www.sans.org/cyber-security-c...
About the Speaker: Eric Johnson
Eric is a Co-founder and Principal Security Engineer at Puma Security and a Senior Instructor with the SANS Institute. His experience includes cloud security assessments, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is the lead author and an instructor for SEC540: Cloud Security and DevSecOps Automation and a co-author and instructor for both SEC549: Enterprise Cloud Security Architecture, and SEC510: Public Cloud Security: AWS, Azure, and GCP. Additionally, Eric is a SANS Security Awareness Developer Training Advisory Board Member and SANS Analyst for Application Security and DevSecOps Surveys. Read more about Eric at https://www.sans.org/profiles/eric-jo...
SANS Cloud Security focuses the deep resources of SANS on the growing threats to The Cloud by providing training, GIAC certification, research, and community initiatives to help security professionals build, deploy and manage secure cloud infrastructure, platforms, and applications.
SANS Cloud Security Curriculum: www.sans.org/cloud-security
GIAC Cloud Security Certifications: https://www.giac.org/focus-areas/clou...
LinkedIn: LinkedIn: sanscloudsec
Discord: www.sansurl.com/cloud-discord
Twitter: @SANSCloudSec
6 ماه پیش
در تاریخ 1402/11/13 منتشر شده
است.
1,063
بـار بازدید شده