
Integrate security into the DevOps workflow by embedding security checks in the CI/CD pipeline, and learn to secure code, dependencies, containers, and networks with hands-on Jenkins-based training.
New sections teach beginners to build and deploy Java, React, and Python apps, plus Docker containers and Kubernetes basics. Then it moves into more advanced DevSecOps topics.
Define software as a set of programs that solve problems and drive business operations. It enables customers, delivery, inventory, and support to function, requiring ongoing maintenance and security.
A web application runs in a browser over the internet, using HTML, CSS, and JavaScript on the frontend and backend code on servers with databases.
Explore microservices as decoupled, bounded-context components built from small pieces that communicate over a network, enabling separate teams to manage order, inventory, and shipping.
Explore a three-microservice sample project built with React, Java, and Python, illustrating front-end, back-end, and inter-service HTTP flow across cloud infrastructure for learning DevSecOps.
Explore how a GitHub repository stores three microservices—front end in React, a Java backend, and a Python backend—organized in separate folders, with commands to clone and view the source code.
Clone the public code onto an AWS Linux instance using git clone, then explore the front end and back end folders on the cloud, preparing the environment for execution.
Explore the four step process to build runnable software by gathering code from frontend and backend folders, resolving dependencies, and producing an executable artifact for deployment on AWS.
Discover how the build process manages frontend, backend one, and backend two dependencies using package.json, pom.xml, and requirements.txt, and how build tools enable a single command to automate it.
Learn to build a React frontend with npm: clone the project, install dependencies with npm install, then run npm run build to produce a browser-ready site folder.
Learn to build a Java backend artifact with Maven install, compiling sources, resolving dependencies, and packaging into a jar file for deployment on AWS.
Store and distribute artifacts by compressing the build folder and exposing the jar file via a web server. Use nginx on AWS to serve these files over HTTP for download.
Deploy the application across three isolated AWS machines: a web server for the frontend, a Java backend, and a Python service, each installing dependencies after retrieving artifacts from storage.
Deploy the Python application on an AWS Ubuntu VM by cloning the GitHub repo, installing Python 3 and dependencies from requirements.txt, and running the program, listening on port 5000.
Install OpenJDK 11 on the AWS Ubuntu VM, download the jar from storage, and run it with java -jar, configuring the Java property to point to the Python URL.
Deploy the frontend React application on an AWS VM by configuring nginx to serve the build folder from /var/www/html and opening port 80 in the AWS security group.
Explore how a three-machine microservices setup communicates: frontend calls the Java app on 8080, which uses private IP to reach Python on 5000; update and deploy the new frontend build.
Configure the frontend to use the Java URL by updating app.js, then build, compress, and deploy the new front-end build across servers, finally verify the connection in the browser.
Explore production best practices for scalable, multi‑machine deployments on AWS, including VPC networking, load balancing, stateless front ends, and centralized data storage across microservices.
Explore containers and container images that bundle an application with its runtime and dependencies into a portable, isolated Linux environment. See how this enables consistent, scalable deployment across machines.
Explore how containers transform the four-step dev process by packaging code, dependencies, and runtime into portable images stored in a registry and deployed across any Linux machine.
Install Docker on a host, download the official nginx image from hub.docker.com, and run your first container. Manage containers with docker run, docker ps, and docker logs.
Compare containers with VMs by using a shared host OS and a container runtime, saving resources. Log in to a container to run commands like apt-get and wget.
Develop a container image by running a base Ubuntu container with nginx and a build folder in /var/www/html, then commit the container and push the image to a registry.
Learn to develop container images in steps with a Dockerfile, leveraging caching, and automating builds that install nginx, configure the startup command, and copy the build folder into the image.
Build the frontend app into a container image using the official nginx base and copy the build folder to the nginx root, then publish it to a registry.
Build a Java container image using a Dockerfile with OpenJDK, copying the jar, and setting CMD to java -jar. Expose the port and define the SA logic API URL variable.
Build a Python container image by installing dependencies from requirements.txt with pip, configuring the Dockerfile, and setting a default command for a ready-to-run deployment.
Publish three built images—frontend, Java, and Python—to Docker Hub by logging in, tagging with latest, and pushing from the build server.
Deploy on an AWS server with Docker and pull hub.docker.com images. Run Python, Java, and frontend containers with docker run, establishing internal and external networking via IPs and port forwarding.
Deploy the Python application to an AWS Docker host by running the Python image from Docker Hub with docker run, then use docker inspect to obtain IP and port 5000.
Deploy a Java app as a Docker container on a single host, exposing port 8080 via -p 8080:8080, using bazel/demo_backend_one:latest and pointing SA_API_URL to the Python service at http://<python-ip>:5000.
Explore end-to-end deployment with a three-container stack (nginx frontend, Java, Python) on an AWS server, including port forwarding, security group rules, and debugging with browser network inspector and Docker logs.
Explore container orchestration with docker run and Kubernetes, addressing automatic deployment, scaling, load balancing, service discovery, fault tolerance, and monitoring to manage thousands of containers across many machines.
Define the desired state of your containers—image, replicas, scaling, and resource limits—and let Kubernetes enforce it by coordinating the API server and runtime components to match the current state.
Kubernetes is an open source container orchestration platform with an API-centric control plane, scheduler, controllers, and cloud controller manager coordinating worker nodes to meet the desired state.
Explore how to run Kubernetes across cloud, on-prem, or a local laptop, with kubectl and managed services from AWS and Google Cloud.
Learn to create a managed Kubernetes cluster on Google Cloud using GKE, provision via the gcloud CLI, authenticate, and understand the control plane and worker nodes.
Create a Kubernetes service to route requests to the correct pod using a label selector, configure ports in YAML, and apply changes to enable internal communication and load balancing.
Create a second container in a GKE cluster, expose it via a service on port 80, and verify cross-node communication between containers using kubectl and the service IP.
Expose your Kubernetes apps to external users by configuring services as ClusterIP, NodePort, or LoadBalancer, and route traffic via a Google Cloud load balancer to the correct container.
Deployments in Kubernetes use a deployment controller to maintain three replicas, automatically recreating pods that crash or run the wrong version, aligning actual state with the desired state.
Explore how the service uses label selectors to route traffic to labeled pods, exposing a public IP and load balancing requests across stateless containers.
Deploy three deployments and three services in a Kubernetes cluster for front-end, Java, and Python apps, with front-end and Java as LoadBalancer services, Python as ClusterIP, and DNS-based communication.
Explore Kubernetes communication between Java, Python, and front-end services, using DNS service names, port 80 mapping to 5000, and environment variables defined in deployment YAML to enable inter-service calls.
Learn to embed security into every CI/CD step, from code commit through container building and deployment to Kubernetes, using Jenkins or Azure DevOps.
Explore the full security scope for DevOps, from code and dependency security to supply chain, with automated checks in CI/CD and policy-driven production safeguards.
Explore practical source code security with real-time linting and static analysis, using VS Code integrations and SonarQube to deliver automated security feedback throughout the DevOps workflow.
Configure SonarQube with Docker and PostgreSQL using Docker Compose for automated static code analysis, and explore running it on Kubernetes or a single host.
Install SonarQube on a Kubernetes cluster with a PostgreSQL database using Helm, create a dedicated namespace, and expose the UI via port forwarding for code analysis.
Learn to scan a frontend JavaScript project with SonarQube by creating a project, generating a token, and running a SonarScanner to publish a report to the server.
Examine unknown and known vulnerabilities in software dependencies, using public CVE advisories to evaluate risk across operating system packages and application libraries.
Learn to manage application dependencies by mapping direct and transitive packages, auditing them against vulnerability databases with npm audit, and integrating checks into your build process for automatic security feedback.
Configure Jenkins on Ubuntu to run npm audit as the Jenkins user, cloning code from GitHub and automating dependency vulnerability scanning in a CI/CD pipeline.
Leverage Jenkins to auto-detect code changes, trigger continuous builds, and run npm audit to identify known CVEs in dependencies, while contrasting with SonarQube for deeper code analysis and reporting options.
Explore container security basics, attack surface, and network protection, and apply least-privilege container permissions with base image security, plus a Trivy scan demo.
Secure the Java container by adopting minimum permissions: create a bazel user, run the jar as that user, and grant 700 jar permissions with restricted folder access.
Minimize base image size and package count to reduce the attack surface; choose lightweight alpine or distroless images when appropriate, and avoid shipping source code or build tools in production.
Learn to use Trivy to scan base container images for operating system vulnerabilities. Inspect CVE results and decide whether to upgrade packages or switch to a safer base image.
Discover how the Trivy security tool scans container images, file systems, and Kubernetes clusters to detect OS and application package vulnerabilities, configuration issues, and recommended fixes.
Security is no longer optional—it's a fundamental part of modern DevOps. If you're an SRE, DevOps engineer, security specialist, or software developer, mastering DevSecOps is key to ensuring the security of cloud-native applications while maintaining high-speed deployments.
In this project-based, hands-on course, you'll learn how to integrate security into every phase of the DevOps lifecycle. We focus on real-world security threats, practical secure CI/CD pipeline implementation, and best practices for Kubernetes, containers, and cloud security. You’ll also get hands-on with SAST, DAST, dependency scanning, compliance automation, and infrastructure security tools.
Unlike other courses that are theory-heavy or exam-focused, this course is practical and job-oriented. Every session includes hands-on labs where you simulate attacks, detect vulnerabilities, automate security checks, and deploy security-focused pipelines. The final capstone project will have you apply all these concepts to a real-world enterprise-grade DevSecOps implementation.
By the end of this course, you'll be job-ready, capable of designing and securing production-grade CI/CD pipelines, ensuring compliance, and responding to security threats effectively. Whether you’re securing a startup’s cloud-native stack or a large enterprise’s DevOps environment, this course will equip you with battle-tested DevSecOps skills.
How This Course Stands Out
Project-Based, Hands-On Learning – Not just theory, but real-world attack simulations & secure pipelines.
Job-Focused, Not Just Certification-Focused – Practical DevSecOps training for real jobs.
Covers the Full Stack – From code security to cloud infrastructure protection.