DevSecOps Notes

1) Gitlab solution idea -> issue -> plan -> code -> commit -> test -> review -> staging -> production -> feedback plan -Kanban Boards -project Managment -Agile Portfolio Managment -Service Desk code -Source Code Managment -Merge Requests -Code Review -Wiki -Snippets -Web IDE -Diff tools test/secure -Continous Integration -Code Quality -Performance Testing -SAST & DAST -Dependency Scanning -Container Scanning -License Managment -Secret Detection release -Continous Deployment -Continous Delivery -Extensible pipelines -Canary / Blue Green Deployments -Kubernetes & Serverless Integrations -ChatOps operations -Logging -Kubernetes Cluster Monitoring -Tracing -Contributor Analytics -Release Cycle Analytics -Prometheus Monitoring

1) What have to be done to deliver application? a) write application b) test application c) package -src -config -src -comp d) Provision Day 1/2+ e) Deploy 2) 3) 4) 5) 6) 7) 8) 9) 10) 11) 12) 13) 14) 15) 16) 17) 18) 19) 20) 21) 22) 23) 24) 25) 26) 27) 28) 29) 30) 31) 32) 33) 34) 35)

1. Overview -Gartner published first raport on DevSecOps in May 2016 - Traditional IT departments are fragmented, with Development, Security, and Operations all having different leadership and reporting structures.. -DevSecOps builds on the idea that cross-functional teams must work together and that everyone is responsible for security - Process experts and coaches often say that DevOps is not about tooling -Engineers and technologists grow tired of process quickly and want real-world examples of how processes can be implemented - The "automate everything" mantra of the DevOps movement is central to DevSecOps as well DevSecOps Automation ; -Software version control -Continous integration -Continous testing -Configuration managment and deployment -Continous monitoring -Conterization -Container orchestration DevSecOps can be used to enforce proper cybersecurity practices within an automated DevOps CI/CD pipeline. Plan            ...

0.) Overview -Started at 2012 -First prouduct Vagrant 1.) Vagrant 2.) Surf 3.) Consul -network topography - can give you time to reach from one server to another 4.) Terraform 5.) Vault 6.) Atlas 7.)

1) Role of secret managment: - safely and securly store secret values and (binary) files (such as passwords, tokens, license files, etc.) in a central repository or system. Through Access Control Lists (ACL), only specific entities can retrive the (decrypted) values of the secrets. -audit log. Who or what access (or fails to access) secrets, and when. 2) 3) 4) 5) 6) 7) 8) 9) 10) Storing secrets in AWS Parametr Store

1. Transtion from Traditional Datacenter to multi-cloud a) Tradition Datacenter "Static" - Dedicated Infrastracture - Static - "Ticket-based" - Provision - Dedicated servers. Homogenous - Secure - high trust IP -based - Connect - Host -based. Static IP - Run - Dedicated Infrastracture -  Provision  -> vCenter -  Secure  -> IP:Hardware -  Connect  -> Hardware -  Run  -> vSphere b) Modern Datacenter "Dynamic" - Private Cloud + AWS + Azure + GCP + ... - Dynamic - "Self service" - Provision - Capacity on-demand . Heterogenous. - Secure - Low trust Identity -based - Connect - Service -based. Dynamic IP. - Run - Scheduled across the fleet                                        Private Cloud                 AWS                ...

npm run start # Starts up a development server. For development use only. npm run test # Runs tests associated with the project. npm run build # Builds a production versionof the application

To check what you downloaded is what was meant to be distributed

https://en.wikipedia.org/wiki/Instruction_set_architecture https://en.wikipedia.org/wiki/X86 https://en.wikipedia.org/wiki/X86-64