Integrating DevSecOps in CI/CD Pipelines
Shift security left. Build security into every stage of your pipeline.
About this course
A hands-on advanced course based on a real-world Proof of Concept. Learn to embed SAST, vulnerability management, and continuous monitoring into a complete CI/CD pipeline using GitLab, Docker, SonarQube, DefectDojo, Prometheus and Grafana — covering OWASP, PCI-DSS and GDPR compliance scenarios.
What you'll achieve
- Build a secure CI/CD pipeline with GitLab + GitLab Runner
- Run SAST with SonarQube and aggregate findings via DefectDojo
- Containerise a production app (Django) with Docker
- Monitor app performance & security with Prometheus + Grafana
- Demonstrate compliance with OWASP, PCI-DSS, GDPR standards
Curriculum
Module 1
DevSecOps Fundamentals
Why DevSecOps · Shift-left security · Pipeline architecture
Module 2
GitLab as the Hub
SCM · Container registry · CI/CD pipelines
Module 3
Containerisation
Docker · GitLab Runner deployment
Module 4
Static Application Security Testing
SonarQube setup · Quality gates · False positives
Module 5
Vulnerability Management
DefectDojo aggregation · Risk triage
Module 6
Production Application
Django deployment · Task management
Module 7
Monitoring & Visualisation
Prometheus metrics · Grafana dashboards · Alerting
Module 8
Compliance & Real-World Use Cases
E-commerce / PCI-DSS · Healthcare / HIPAA · FinTech · Microservices
Who this is for
- Senior DevOps engineers
- Application security engineers
- Platform & SRE teams
- Compliance officers in regulated industries
Prerequisites
- Solid Docker and CI/CD experience
- Linux administration basics