Secure CI/CD Pipelines

Modern agile development processes often involve Continuous Integration, Continuous Delivery and Continuous Deployment (CI/CD). Implementing these concepts, especially in combination with automation, allows continuous security to be integrated into the development lifecycle and significantly reduces time to delivery. In this workshop, attendees will learn how to use the novel concepts of CI/CD, including the associated risks and possibilities.

The following questions will be treated:

  • What is hidden behind the keywords Continuous Integration/Delivery/Deployment, Microservices and Docker?
  • Which technical challenges and possibilities do those approaches entail?
  • How can security-related topics (e.g. automated tests or vulnerability scans) be integrated into pipelines?
  • How can those modern concepts and tools be secured against attacks?

At the end of the training, each attendee will have knowledge about the described technologies and tools in the context of Continuous Integration/Delivery/Deployment. The workshop consists of theoretical basics and practical examples, in which a fully functional CI/CD pipeline is built and secured.

Requirements

  • Basic knowledge of the Linux bash and a command line-based text editor (e.g. nano or vim).
  • A system with WLAN and an SSH client (e.g. PuTTY) that can connect via SSH to systems on the Internet.
  • A system with an administrative user to install the required tools (a virtual machine with Windows 10 is recommended).

For the exercises, we provide the server systems of the needed infrastructure in a cloud environment, which the attendees can connect to via SSH. Additionally, each attendee needs a (virtualized) client system with administrative access to set up the development environment.

About the Speakers