DevSecOps Academy Training Pre-Requisites

 

Critical PreRequisite Steps to Take Before Academy Start Date

  1. Each participant must have Corporate / Personal / Free Trial Account on Azure DevOps (https://dev.azure.com/), GitLab (https://gitlab.com/users/sign_in) & GitHub (https://github.com/login).
    1. GitLab may ask you for credit card details during the user creation but it won’t charge you.
  2. For Azure DevOps if you have just created the account and it does not have an Organization configured -
    1. Login into https://dev.azure.com/ 
    2. Follow the steps to create an Organization in dev.azure.com, if you have not created already.
    3. Fill this form to request a free tier of hosted parallelism for Private projects at https://aka.ms/azpipelines-parallelism-request ETA is two - three business days.

Additional PreRequisite Steps to Take Before Academy Start Date

  1. Watch Azure CI Pipeline Video - https://www.youtube.com/watch?v=xH5EY7FCFQw
  2. Watch GitHub Actions Video -  https://www.youtube.com/watch?v=eB0nUzAI7M8 and https://www.youtube.com/watch?v=TLB5MY9BBa4
  3. Watch GitLab CI Pipeline Video - https://www.youtube.com/watch?v=Jav4vbUrqII and https://www.youtube.com/watch?v=jUiKi6FWYrg
  4. Must be comfortable on basic Linux Bash Script writing, Windows Batch files and PowerShell scripts.
  5. Must be comfortable on Windows and Linux OS.
  6. Must be comfortable on using Git Tools (i.e. Git Desktop or TortoiseGit)
  7. Basic understanding of Fortify SCA, SSC, WebInspect, SC SAST and SC DAST
  8. Recommended Self Learning Courses –
    1. Fortify SAST all 8 Lessons
    2. Fortify DAST all 5 Lessons
    3. Fortify SC DAST Part 1 and Part 2
  9. Make sure in your laptop Google Chrome is set as the default browser.
  10. Teams Channel: https://teams.microsoft.com/l/channel/19%3a74b1bc18716c47a6be74f70bdd55bb42%40thread.tacv2/AppSec%2520Technical%2520Bootcamp?groupId=1ea2be4a-a0fa-433a-8967-38c6cfbff062&tenantId=856b813c-16e5-49a5-85ec-6f081e13b527
  11. Download and install GoToMeeting Client from https://global.gotomeeting.com/install
  12. Training Registration URL: https://attendee.gototraining.com/r/2124773653976574722 

Training ID: 199-094-284

 

Course Outline:

  1. Lab Setup
  2. Fortify 22.1.x on Prem with Azure DevOps
    1. Setting up the basic build pipeline for Sample DotNET Application using Windows based Self Hosted Agent
    2. Using Fortify Plugins
      1. Fortify SAST Assessment
      2. Fortify SC SAST Assessment
      3. Fortify WI DAST Scan
      4. Fortify SC DAST Scan
    3. Using CLI scripts
      1. Fortify SAST Assessment
      2. Fortify SC SAST Assessment
      3. Fortify WI DAST Scan
      4. Fortify SC DAST Scan
    4. Setting up the basic build pipeline for Sample Java Application using Linux based Self Hosted Agent
    5. Using Fortify Plugins
      1. Fortify SAST Assessment
      2. Fortify SC SAST Assessment
      3. Maven integration
      4. Fortify WI DAST Scan
      5. Fortify SC DAST Scan
    6. Using CLI scripts
      1. Fortify SAST Assessment
      2. Fortify SC SAST Assessment
      3. Fortify WI DAST Scan
      4. Fortify SC DAST Scan
  3. Fortify 22.1.x on Prem with GitHub Actions
    1. Setting up the basic build pipeline for Sample Java Application using Linux based Self Hosted Agent
    2. Fortify SAST Assessment
    3. Fortify SC SAST Assessment
    4. Fortify WI DAST Scan
    5. Fortify SC DAST Scan
  4. Fortify 22.1.x on Prem with GitLab CI Pipeline
    1. Setting up the basic build pipeline for Sample Java Application using Linux based Self Hosted Agent
    2. Fortify SAST Assessment
    3. Fortify SC SAST Assessment
    4. Fortify WI DAST Scan
    5. Fortify SC DAST Scan