DevSecOps Bootcamp

Trainosys X Arch Global Services (Philippines) Inc. (AGSI)
Target Audience: Software Engineers, IT Professionals, DevOps Practitioners, QA Engineers, and BPO Specialists looking to enhance their DevSecOps skills.
Prerequisites: Basic knowledge of software development, CI/CD pipelines, and familiarity with command-line tools.

Overview:

The DevSecOps Bootcamp is an intensive, hands-on program designed to equip AGSI’s team with practical skills and industry-leading knowledge in DevSecOps practices. By covering a broad range of tools and methodologies, this program ensures participants gain a solid foundation in security-first software delivery and automation. The bootcamp combines lectures, hands-on labs, and real-world scenarios tailored to AGSI’s operational needs, culminating in an assessment to reinforce learning outcomes.

Goal:
To provide participants with a comprehensive understanding of DevSecOps principles and tools, empowering them to implement secure, efficient, and automated processes within their teams.

Duration:

Module	Duration
GitHub		2 days
Docker		3 days
Kubernetes		5 days
Jenkins		5 days
Unit Testing		2 days
Playwright Testing		3 days
UiPath		3 days
JFrog		2 days
JMeter		2 days
Ansible		5 days
Nagios		5 days
OWASP		1 day
SonarQube		5 days

Objectives:

1. Core Knowledge: Gain a deep understanding of DevSecOps concepts and best practices.
2. Tool Mastery: Hands-on experience with industry-standard tools like Git, Docker, Kubernetes, Jenkins, and more.
3. Secure Development: Learn how to integrate security practices into the CI/CD pipeline.
4. Automation Excellence: Build and manage automated processes for software delivery and monitoring.
5. Real-World Application: Apply acquired skills to AGSI’s unique workflows and operational challenges.
6. Assessment and Feedback: Validate learning through assessments and feedback sessions.

Course Outline:

1. GitHub (2 Days – 14 hrs) 

• Topics: Git basics, version control, branching, and merging, repository management.
• Hands-On Labs: Collaborating on repositories, resolving conflicts, setting up CI workflows.

GitHub Training Course (2 Days – 14 hrs)

Overview:

This 2-day intensive GitHub training course is designed to provide participants with a thorough understanding of GitHub and its capabilities. By the end of the course, attendees will gain practical knowledge of version control, collaboration workflows, and GitHub’s role in modern software development. Through hands-on labs and guided exercises, participants will learn how to manage repositories, resolve conflicts, and set up continuous integration (CI) workflows efficiently.

 

Objectives:

1. Understand the fundamental concepts of Git and GitHub.
2. Learn how to create, clone, and manage repositories.
3. Master version control workflows, including branching, merging, and conflict resolution.
4. Collaborate effectively using GitHub’s tools for team management and code reviews.
5. Set up and manage CI workflows to automate software delivery processes.

 

Target Audience:

• Software Developers
• DevOps Engineers
• QA Engineers
• IT Professionals involved in software version control
• Anyone looking to enhance their skills in GitHub and version control systems

 

Prerequisites:

• Basic understanding of software development and programming concepts.
• Familiarity with the command line interface (CLI) is recommended.
• A laptop with Git pre-installed and access to a GitHub account.

 

Course Outline:

Day 1: Git and GitHub Basics

Introduction to Version Control and Git:

• Overview of version control systems.
• Key concepts: commits, repositories, staging area, and working directory.

Getting Started with Git:

• Installing and configuring Git.
• Initializing a repository and understanding Git file states.
• Creating and managing commits.

Introduction to GitHub:

• Overview of GitHub features and interface.
• Creating and managing repositories on GitHub.
• Connecting local repositories with GitHub.

Branching and Merging:

• Understanding branches and their purpose.
• Creating, switching, and merging branches.
• Conflict resolution during merges.

Hands-On Labs:

• Initializing a repository and committing changes.
• Pushing local changes to a remote repository on GitHub.
• Creating and merging branches with conflict resolution.

 

Day 2: Advanced GitHub and Collaboration

Collaboration Using GitHub:

• Forking and cloning repositories.
• Pull requests: creation, review, and merging.
• Managing collaborators and permissions.

Repository Management:

• Structuring repositories for collaboration.
• Managing issues and pull requests.
• Using GitHub Actions for CI workflows.

Setting Up Continuous Integration (CI):

• Overview of CI and its importance in DevOps.
• Creating GitHub Actions workflows.
• Automating builds, tests, and deployments.

Best Practices in GitHub:

• Commit message guidelines.
• Managing large repositories.
• Security and access control.

Hands-On Labs:

• Collaborating on a shared repository.
• Setting up a GitHub Actions workflow for CI.
• Automating pull request reviews and testing.

 

Outcome:

Participants will leave the course with hands-on experience in using GitHub for version control, team collaboration, and CI workflows. They will be prepared to apply GitHub best practices to their projects, enhancing productivity and code quality in their teams.

 

2. Docker (3 Days – 21 hrs)

• Topics: Containerization basics, Dockerfile creation, image building, and orchestration.
• Hands-On Labs: Building and deploying containerized applications.

Docker Training Course (3 Days – 21 hrs)

Overview:

This 3-day Docker training course is designed to provide participants with a comprehensive understanding of containerization technology and its role in modern DevSecOps practices. Through a combination of theoretical discussions and hands-on labs, participants will learn to create, manage, and deploy containerized applications efficiently using Docker. By the end of the course, attendees will be equipped with the skills to integrate Docker into their software development and deployment workflows.

 

Objectives:

1. Understand the fundamentals of containerization and the Docker platform.
2. Learn how to create and manage Docker images and containers.
3. Master the art of writing Dockerfiles and optimizing container images.
4. Gain hands-on experience in orchestrating containerized applications.
5. Understand Docker’s role in DevSecOps pipelines and CI/CD workflows.

 

Target Audience:

• DevOps Engineers
• Software Developers
• IT Operations Professionals
• QA Engineers
• Anyone involved in building and deploying applications in a containerized environment

 

Prerequisites:

• Familiarity with basic Linux commands.
• Understanding of software development and application architecture.
• A laptop with Docker pre-installed (instructions will be provided beforehand).

 

Course Outline:

Day 1: Introduction to Docker and Containerization

Introduction to Containerization:

• What is containerization?
• Differences between containers and virtual machines.
• Benefits of using containers in modern development workflows.

Docker Fundamentals:

• Overview of the Docker platform.
• Installing and configuring Docker.
• Key Docker concepts: images, containers, and registries.

Working with Docker Containers:

• Creating and running containers.
• Managing container lifecycle: start, stop, pause, and remove.
• Inspecting container details.

Hands-On Labs:

• Installing Docker and running your first container.
• Exploring container commands and managing container states.

 

Day 2: Docker Image Creation and Management

Understanding Docker Images:

• What are Docker images?
• Pulling images from Docker Hub.
• Customizing images for specific applications.

Writing Dockerfiles:

• Introduction to Dockerfile syntax and structure.
• Building custom images using Dockerfiles.
• Best practices for optimizing Dockerfiles.

Docker Image Management:

• Tagging and versioning Docker images.
• Pushing and pulling images to/from Docker registries.
• Cleaning up unused images and layers.

Hands-On Labs:

• Writing Dockerfiles for a sample application.
• Building, tagging, and pushing images to Docker Hub.

 

Day 3: Advanced Docker Features and Orchestration

Networking and Volumes in Docker:

• Understanding Docker networking.
• Configuring bridge and overlay networks.
• Using Docker volumes for persistent storage.

Deploying Multi-Container Applications:

• Introduction to Docker Compose.
• Writing and running Compose files.
• Managing multi-container deployments with Compose.

Container Orchestration Basics:

• Introduction to orchestration and its importance.
• Overview of Docker Swarm and Kubernetes.
• Setting up a simple Docker Swarm cluster.

Hands-On Labs:

• Creating a multi-container application using Docker Compose.
• Setting up a basic Docker Swarm environment and deploying services.

 

Outcome:

Participants will leave the training with a strong understanding of Docker and its ecosystem. They will have practical experience in building, managing, and orchestrating containerized applications, empowering them to implement containerization in their DevSecOps workflows effectively.

 

3. Kubernetes (5 Days – 35 hrs)

• Topics: Cluster architecture, pods, deployments, services, and Helm charts.
• Hands-On Labs: Managing applications in Kubernetes, scaling, and troubleshooting.

Kubernetes Training Course (5 Days – 35 hrs)

Overview:

This 5-day Kubernetes training course provides an in-depth exploration of container orchestration using Kubernetes. Designed for IT professionals seeking to deploy, manage, and scale containerized applications, the course combines theoretical instruction with hands-on labs. Participants will gain a deep understanding of Kubernetes cluster architecture, core components, and practical skills for managing Kubernetes in production environments.

 

Objectives:

1. Understand Kubernetes cluster architecture and its components.
2. Learn how to deploy, manage, and scale applications in Kubernetes.
3. Master Kubernetes resources such as pods, deployments, and services.
4. Explore Helm charts for application deployment automation.
5. Gain hands-on experience in troubleshooting and optimizing Kubernetes applications.

 

Target Audience:

• DevOps Engineers
• System Administrators
• IT Operations Professionals
• Developers working with containerized applications
• Anyone responsible for deploying and managing Kubernetes clusters

 

Prerequisites:

• Basic understanding of containers (e.g., Docker).
• Familiarity with Linux command-line operations.
• Experience with application deployment and system administration is recommended.

 

Course Outline:

Day 1: Kubernetes Fundamentals

Introduction to Kubernetes:

• What is Kubernetes and why use it?
• Kubernetes vs. traditional container orchestration tools.
• Overview of Kubernetes architecture: Master and Worker nodes.

Setting Up a Kubernetes Cluster:

• Installing Kubernetes using kubeadm, Minikube, or managed services (GKE, EKS, AKS).
• Configuring kubectl CLI.
• Exploring cluster components: API server, etcd, controller manager, and scheduler.

Hands-On Labs:

• Setting up a Kubernetes cluster locally or on the cloud.
• Configuring kubectl and exploring cluster information.

 

Day 2: Kubernetes Core Concepts

Pods and Deployments:

• Understanding pods as the basic unit of deployment.
• Creating and managing deployments.
• Managing pod lifecycle and health checks.

Services and Networking:

• Cluster networking and service discovery.
• Types of services: ClusterIP, NodePort, LoadBalancer.
• Configuring Ingress for HTTP/S routing.

Hands-On Labs:

• Deploying a sample application with pods and services.
• Configuring health checks and scaling deployments.

 

Day 3: Advanced Kubernetes Features

ConfigMaps and Secrets:

• Managing application configuration using ConfigMaps.
• Securing sensitive data with Secrets.

Volumes and Persistent Storage:

• Understanding Kubernetes storage options.
• Configuring Persistent Volumes (PVs) and Persistent Volume Claims (PVCs).
• Dynamic provisioning with StorageClasses.

Hands-On Labs:

• Deploying applications with ConfigMaps and Secrets.
• Setting up Persistent Volumes for stateful applications.

 

Day 4: Helm Charts and Application Automation

Introduction to Helm:

• What is Helm and its role in Kubernetes.
• Installing and configuring Helm.
• Understanding Helm charts and templates.

Managing Applications with Helm:

• Using existing Helm charts from repositories.
• Creating custom Helm charts for applications.
• Versioning and upgrading applications with Helm.

Hands-On Labs:

• Deploying applications using Helm charts.
• Creating and customizing a Helm chart for a sample application.

 

Day 5: Scaling, Monitoring, and Troubleshooting

Scaling Applications:

• Horizontal Pod Autoscaler (HPA).
• Scaling nodes and cluster resources.
• Resource requests and limits for pods.

Monitoring and Logging:

• Integrating monitoring tools like Prometheus and Grafana.
• Viewing logs and debugging pods.

Troubleshooting Kubernetes Applications:

• Debugging pods and deployments.
• Resolving common cluster issues.

Hands-On Labs:

• Configuring HPA for a sample application.
• Setting up Prometheus and Grafana dashboards.
• Debugging and troubleshooting failed deployments.

 

Outcome:

Participants will leave this training with practical skills to deploy, manage, and troubleshoot Kubernetes clusters and applications. They will gain the confidence to implement Kubernetes solutions in production environments and automate deployments using Helm charts.

 

4. Jenkins (5 Days – 35 hrs)

• Topics: CI/CD pipelines, configuring jobs, and plugin management.
• Hands-On Labs: Automating builds, tests, and deployments.

Jenkins Training Course (5 Days – 35 hrs)

Overview:

This 5-day Jenkins training course is designed to equip participants with in-depth knowledge and practical experience in using Jenkins for continuous integration and continuous delivery (CI/CD). Attendees will learn how to configure Jenkins pipelines, manage jobs, integrate plugins, and automate build, test, and deployment processes. The course is highly interactive, blending theory with hands-on labs to ensure participants gain real-world skills for implementing Jenkins in DevSecOps workflows.

 

Objectives:

1. Understand the core concepts of Jenkins and its role in CI/CD pipelines.
2. Learn to configure and manage Jenkins jobs effectively.
3. Explore advanced Jenkins features, including pipeline scripting and plugin management.
4. Automate builds, tests, and deployments using Jenkins.
5. Integrate Jenkins with other tools and platforms commonly used in DevSecOps.

 

Target Audience:

• DevOps Engineers
• Software Developers
• QA Engineers
• System Administrators
• IT Professionals involved in software development and deployment

 

Prerequisites:

• Basic understanding of software development and deployment workflows.
• Familiarity with version control systems (e.g., Git).
• Experience with Linux command-line operations is recommended.

 

Course Outline:

Day 1: Introduction to Jenkins

Introduction to Continuous Integration and Jenkins:

• Importance of CI/CD in modern development.
• Overview of Jenkins: Features and architecture.
• Installing and configuring Jenkins.

Jenkins Basics:

• Exploring the Jenkins dashboard.
• Setting up user roles and permissions.
• Configuring system settings and security.

Hands-On Labs:

• Installing Jenkins and exploring its interface.
• Configuring Jenkins for a sample project.

 

Day 2: Jenkins Jobs and Pipelines

Working with Jenkins Jobs:

• Creating and configuring freestyle jobs.
• Setting up build triggers (e.g., Git commits, schedules).
• Monitoring and managing build history.

Introduction to Jenkins Pipelines:

• Declarative vs. scripted pipelines.
• Understanding Jenkinsfile structure.
• Writing and executing basic pipelines.

Hands-On Labs:

• Creating and running a freestyle job.
• Writing a basic Jenkinsfile for a simple pipeline.

 

Day 3: Advanced Pipeline and Automation

Advanced Pipeline Concepts:

• Multi-branch pipelines and use cases.
• Stages, steps, and parallel executions.
• Managing pipeline parameters and environment variables.

Automating Builds and Tests:

• Integrating Jenkins with Git repositories.
• Automating testing with unit testing frameworks.
• Configuring pipeline notifications (e.g., email, Slack).

Hands-On Labs:

• Creating a multi-branch pipeline.
• Automating unit tests within a pipeline.
• Configuring build notifications.

 

Day 4: Plugin Management and Integrations

Jenkins Plugin Management:

• Exploring the Jenkins plugin ecosystem.
• Installing, updating, and managing plugins.
• Essential plugins for CI/CD workflows (e.g., Git, Slack, Docker).

Tool Integrations:

• Integrating Jenkins with Docker.
• Using Jenkins with Kubernetes for deployment.
• Integrating Jenkins with monitoring tools like Prometheus.

Hands-On Labs:

• Installing and configuring essential plugins.
• Integrating Jenkins with Docker for containerized builds.
• Setting up Jenkins monitoring with Prometheus.

 

Day 5: Deployment and Troubleshooting

Deployment Automation:

• Configuring deployment pipelines for various environments.
• Rollback strategies and deployment best practices.

Troubleshooting and Optimization:

• Debugging common Jenkins errors.
• Optimizing Jenkins performance for large-scale projects.
• Securing Jenkins: Best practices for production environments.

Final Assessment and Project:

• Building a complete CI/CD pipeline from scratch.
• Deploying an application using Jenkins.
• Troubleshooting and optimizing the pipeline.

Hands-On Labs:

• Configuring a production-grade deployment pipeline.
• Debugging and optimizing pipeline performance.
• Final project: End-to-end CI/CD pipeline implementation.

 

Outcome:

By the end of this training, participants will have gained a thorough understanding of Jenkins and its practical applications in CI/CD workflows. They will be able to implement and manage Jenkins pipelines, automate key processes, and integrate Jenkins with other tools in a DevSecOps environment effectively.

 

5. Unit Testing (2 Days – 14 hrs)

• Topics: Writing unit tests, test coverage analysis, and mocking.
• Hands-On Labs: Implementing unit tests in a sample application.

Unit Testing Training Course (2 Days – 14 hrs)

Overview

This 2-day Unit Testing training course equips participants with the foundational knowledge and practical skills needed to write effective unit tests. Through a mix of theoretical insights and hands-on labs, participants will learn to implement unit testing strategies, analyze test coverage, and utilize mocking frameworks. The course focuses on building confidence in code reliability, enhancing software quality, and aligning with DevSecOps best practices.

 

Objectives

By the end of this course, participants will:

1. Understand the importance of unit testing in the software development lifecycle.
2. Write and execute unit tests using industry-standard tools and frameworks.
3. Analyze and improve test coverage.
4. Use mocking techniques to isolate components for testing.
5. Identify and address common challenges in unit testing.

 

Target Audience

• Software developers and engineers.
• Quality assurance professionals.
• DevOps practitioners looking to integrate testing into their workflows.
• Anyone involved in software testing and code quality improvement.

 

Prerequisites

• Basic programming knowledge in a relevant language (e.g., Python, Java, C#, etc.).
• Familiarity with software development workflows.
• Prior exposure to integrated development environments (IDEs) is beneficial but not mandatory.

 

Course Outline

Day 1: Fundamentals of Unit Testing

• Introduction to Unit Testing
  • Purpose and benefits of unit testing.
  • Role of unit testing in DevSecOps.
  • Overview of popular unit testing frameworks.
• Writing Effective Unit Tests
  • Best practices for test case design.
  • Structure of a unit test: Arrange, Act, Assert.
  • Handling test data and test scenarios.
• Hands-On Lab 1: Writing simple unit tests for a sample application.

Day 2: Advanced Unit Testing Techniques

• Test Coverage and Metrics
  • Understanding code coverage metrics.
  • Tools for measuring test coverage.
  • Improving and analyzing coverage.
• Mocking and Isolation
  • Importance of mocking in unit testing.
  • Using mocking frameworks (e.g., Mockito, Moq, etc.).
  • Creating and managing mock objects.
• Common Challenges and Solutions
  • Debugging failed tests.
  • Dealing with flaky tests.
  • Ensuring test maintainability.
• Hands-On Lab 2: Implementing mocking in unit tests for a sample application.
• Hands-On Lab 3: Analyzing and improving test coverage.

 

Outcome:

By completing this 2-day Unit Testing course, participants will gain the skills to write effective unit tests, analyze test coverage, and use mocking techniques. They will enhance software quality, improve code reliability, and integrate unit testing into DevSecOps workflows, ensuring robust and maintainable applications.

 

6. Playwright Testing (3 Days – 21 hrs)

• Topics: End-to-end testing, Playwright scripting, and automation.
• Hands-On Labs: Creating and executing Playwright test scripts.

Playwright Testing Training Course (3 Days – 21 hrs)

Overview

This 3-day Playwright Testing course provides participants with the knowledge and skills to implement end-to-end testing using Playwright, a modern testing framework. Through a mix of lectures and hands-on labs, participants will learn to script and automate tests, ensuring robust and reliable web applications. The course focuses on using Playwright’s capabilities for cross-browser testing, debugging, and automating workflows.

 

Objectives

By the end of the course, participants will:

1. Understand the fundamentals of end-to-end testing and its importance in DevSecOps.
2. Set up and configure Playwright for testing web applications.
3. Create, execute, and debug Playwright test scripts.
4. Leverage Playwright’s features for cross-browser and cross-platform testing.
5. Automate workflows and test cases to enhance software quality.

 

Target Audience

• QA engineers and testers.
• Software developers focused on front-end and web development.
• DevOps engineers integrating testing into CI/CD pipelines.
• Anyone interested in mastering modern end-to-end testing tools.

 

Prerequisites

• Basic programming knowledge (JavaScript, TypeScript, or Python).
• Familiarity with web application development and testing concepts.
• Experience with command-line tools is recommended but not required.

 

Course Outline

Day 1: Introduction to Playwright and Setup

• What is Playwright?
  • Overview of Playwright and its role in end-to-end testing.
  • Comparison with other testing tools (e.g., Selenium, Cypress).
• Setting Up Playwright
  • Installing Playwright and its dependencies.
  • Configuring testing environments for different browsers.
• Hands-On Lab 1: Setting up a Playwright project and running the first test.

Day 2: Writing and Executing Playwright Tests

• Playwright Scripting Basics
  • Writing test cases using Playwright.
  • Navigating web pages and interacting with UI elements.
  • Asserting conditions and validating results.
• Advanced Features of Playwright
  • Handling multiple browser contexts.
  • Managing cookies, sessions, and network requests.
• Hands-On Lab 2: Writing and executing tests for a sample web application.

Day 3: Automation and Debugging

• Automating Workflows with Playwright
  • Creating reusable test components.
  • Automating form submissions, user actions, and workflows.
• Debugging and Test Maintenance
  • Debugging failed tests using Playwright Inspector.
  • Maintaining test scripts for evolving applications.
• Integrating Playwright with CI/CD Pipelines
  • Running Playwright tests in automated build and deployment workflows.
• Hands-On Lab 3: Building an end-to-end automated test suite.

 

Outcome:

By completing this 3-day Playwright Testing course, participants will master the creation and execution of automated end-to-end tests, enhance software quality, and integrate Playwright into CI/CD workflows. They will gain practical skills to ensure robust, reliable, and cross-browser web application testing.

 

7. UiPath (3 Days)

• Topics: RPA fundamentals, UiPath Studio, workflows, and bots.
• Hands-On Labs: Developing automation workflows.

UiPath Training Course (3 Days)

Overview

This 3-day UiPath training course introduces participants to Robotic Process Automation (RPA) using UiPath. Through a combination of theory and hands-on labs, participants will gain a solid foundation in UiPath Studio, workflow design, and bot development. This course equips learners with the skills to create and deploy automation workflows, enhancing operational efficiency and enabling seamless integration with DevSecOps practices.

 

Objectives

By the end of the course, participants will:

1. Understand the fundamentals of RPA and its benefits in automation.
2. Gain proficiency in UiPath Studio for designing automation workflows.
3. Learn to create, configure, and deploy bots for various business processes.
4. Explore best practices for maintaining and scaling automation solutions.
5. Develop practical experience through hands-on labs and exercises.

 

Target Audience

• RPA developers and practitioners.
• Software engineers interested in automation.
• DevSecOps professionals seeking to automate repetitive tasks.
• Business process analysts aiming to enhance efficiency with RPA.

 

Prerequisites

• Basic programming knowledge is beneficial but not mandatory.
• Familiarity with business processes and workflows.
• General understanding of IT and software development concepts.

 

Course Outline

Day 1: RPA Fundamentals and UiPath Basics

• Introduction to RPA
  • Overview of Robotic Process Automation (RPA).
  • Role of RPA in DevSecOps and business process automation.
• Getting Started with UiPath
  • Introduction to UiPath Studio and its components.
  • Setting up the UiPath environment.
• Building Basic Workflows
  • Understanding sequence, flowchart, and state machine workflows.
  • Creating and debugging a simple automation project.
• Hands-On Lab 1: Designing a basic automation workflow.

 

Day 2: Developing Automation Workflows

• Workflow Design and Activities
  • Exploring common activities in UiPath (e.g., data manipulation, file operations).
  • Best practices for modular and reusable workflows.
• Integrating with External Systems
  • Automating email, Excel, and web applications.
  • Handling APIs and external data sources.
• Error Handling and Debugging
  • Strategies for exception handling and ensuring workflow reliability.
• Hands-On Lab 2: Creating workflows for automating real-world tasks.

 

Day 3: Bot Deployment and Management

• Orchestrator and Bot Deployment
  • Introduction to UiPath Orchestrator for managing automation.
  • Scheduling, monitoring, and deploying bots.
• Advanced Topics
  • Scaling automation solutions for enterprise environments.
  • Ensuring security and compliance in RPA workflows.
• Hands-On Lab 3: Deploying and managing bots using Orchestrator.
• Final Project: Building an end-to-end automation solution.

Outcome:

By completing this 3-day UiPath Training Course, participants will gain practical skills in designing, building, and deploying automation workflows. They will understand RPA fundamentals, master UiPath Studio, and be equipped to implement automation solutions to enhance efficiency and integrate with DevSecOps practices.

 

8. JFrog (2 Days – 14 hrs)

• Topics: Artifactory management, repository configuration, and CI/CD integration.
• Hands-On Labs: Managing artifacts in JFrog.

JFrog Training Course (2 Days – 14 hrs)

Overview

This 2-day JFrog training course focuses on mastering JFrog Artifactory for managing artifacts and integrating them into CI/CD pipelines. Participants will gain hands-on experience in repository configuration, artifact management, and optimizing the software delivery lifecycle. The course emphasizes practical applications of JFrog in DevSecOps environments.

 

Objectives

By the end of the course, participants will:

1. Understand the role of JFrog Artifactory in artifact management and DevSecOps.
2. Configure and manage repositories for effective artifact storage and retrieval.
3. Integrate JFrog Artifactory with CI/CD pipelines to streamline software delivery.
4. Learn best practices for securing and maintaining artifacts.
5. Gain practical experience in managing artifacts through hands-on labs.

 

Target Audience

• DevSecOps professionals and engineers.
• CI/CD practitioners integrating artifact management.
• Software developers and QA engineers.
• IT professionals managing repositories and build artifacts.

 

Prerequisites

• Basic knowledge of software development and CI/CD pipelines.
• Familiarity with DevSecOps concepts.
• Experience with build tools like Maven, Gradle, or similar is beneficial.

 

Course Outline

Day 1: Introduction to JFrog Artifactory

• What is JFrog Artifactory?
  • Overview and benefits of artifact management.
  • Role of JFrog in the DevSecOps ecosystem.
• Configuring Artifactory Repositories
  • Setting up local, remote, and virtual repositories.
  • Repository structures and best practices.
• Managing Artifacts
  • Uploading, storing, and retrieving artifacts.
  • Understanding artifact lifecycle management.
• Hands-On Lab 1: Configuring repositories and managing artifacts.

Day 2: Advanced Features and CI/CD Integration

• Integrating JFrog with CI/CD Pipelines
  • Using JFrog with Jenkins, GitHub Actions, and other tools.
  • Automating artifact deployment and versioning.
• Securing and Optimizing Artifacts
  • Managing permissions and access control.
  • Implementing artifact cleanup and retention policies.
• Best Practices in Artifact Management
  • Ensuring scalability and performance.
  • Strategies for repository maintenance.
• Hands-On Lab 2: Integrating JFrog Artifactory into a CI/CD pipeline.

Outcome:

By completing this 2-day JFrog Training Course, participants will gain practical skills in managing artifacts, configuring repositories, and integrating JFrog Artifactory into CI/CD workflows. They will be equipped to enhance software delivery efficiency and implement secure artifact management in DevSecOps environments.

9. JMeter (2 Days – 14 hrs)

• Topics: Performance testing basics, scripting, and reporting.
• Hands-On Labs: Load testing with JMeter.

JMeter Training Course (2 Days – 14 hrs)

Overview

This 2-day JMeter training course equips participants with the skills to perform performance testing on web applications and services. Through a combination of lectures and hands-on labs, participants will learn the fundamentals of JMeter, including scripting, load testing, and analyzing reports to ensure application stability and scalability in a DevSecOps environment.

 

Objectives

By the end of this course, participants will:

1. Understand the fundamentals of performance testing and its importance in DevSecOps.
2. Gain hands-on experience in using JMeter for scripting and load testing.
3. Learn to design, execute, and monitor test plans for web applications and services.
4. Analyze test results and generate detailed performance reports.
5. Apply best practices for performance testing in real-world scenarios.

 

Target Audience

• QA engineers and testers.
• Performance engineers and analysts.
• DevOps and DevSecOps practitioners integrating testing into workflows.
• Software developers involved in application performance tuning.

 

Prerequisites

• Basic understanding of web application architecture.
• Familiarity with testing concepts and tools is beneficial but not required.
• General knowledge of HTTP, APIs, and networking basics.

 

Course Outline

Day 1: Introduction to JMeter and Performance Testing Basics

• Introduction to Performance Testing
  • What is performance testing?
  • Importance of performance testing in DevSecOps.
• Getting Started with JMeter
  • Overview of JMeter’s features and components.
  • Installing and setting up JMeter.
• Creating and Configuring Test Plans
  • Understanding test plan elements: Thread groups, samplers, listeners.
  • Designing test plans for different use cases.
• Hands-On Lab 1: Setting up a basic JMeter test plan and running the first test.

 

Day 2: Advanced Scripting and Reporting

• Scripting and Load Testing
  • Recording user flows with JMeter’s proxy.
  • Parameterization and correlation in test scripts.
  • Simulating different user scenarios and loads.
• Monitoring and Analyzing Results
  • Generating and interpreting performance test reports.
  • Identifying bottlenecks and areas for optimization.
• Integration with CI/CD Pipelines
  • Automating performance tests using JMeter in CI/CD workflows.
• Best Practices in Performance Testing
  • Optimizing test plans for accuracy and reliability.
  • Handling common challenges in performance testing.
• Hands-On Lab 2: Load testing a sample application and analyzing results.

Outcome:

By completing this 2-day JMeter Training Course, participants will gain hands-on experience in designing and executing performance tests, analyzing results, and generating reports. They will be equipped to use JMeter for load testing, ensuring application scalability and integrating performance testing into DevSecOps workflows.

 

10. Ansible (5 Days – 35 hrs)

• Topics: Configuration management, playbooks, roles, and inventory.
• Hands-On Labs: Automating server configuration.

Ansible Training Course (5 Days – 35 hrs)

Overview

This 5-day Ansible training course provides participants with a deep understanding of configuration management and automation using Ansible. Through lectures and extensive hands-on labs, participants will learn to create and manage playbooks, configure roles, and handle inventories. The course focuses on practical applications to automate server configuration and integrate Ansible into DevSecOps workflows.

 

Objectives

By the end of this course, participants will:

1. Understand the fundamentals of Ansible and its role in configuration management.
2. Create and manage playbooks for automating repetitive tasks.
3. Use roles and inventory files to manage complex environments.
4. Implement Ansible for server configuration automation and application deployment.
5. Integrate Ansible with CI/CD pipelines for streamlined workflows.

 

Target Audience

• System administrators and IT professionals.
• DevOps and DevSecOps practitioners.
• Infrastructure engineers and architects.
• Developers interested in infrastructure automation.

 

Prerequisites

• Basic Linux command-line knowledge.
• Familiarity with SSH and YAML syntax.
• General understanding of server configuration and management.

 

Course Outline

Day 1: Introduction to Ansible and Basics

• What is Ansible?
  • Overview of Ansible and its benefits in automation.
  • Ansible architecture and components.
• Getting Started with Ansible
  • Installing and configuring Ansible.
  • Understanding YAML and its usage in playbooks.
• Hands-On Lab 1: Setting up Ansible and running a basic playbook.

 

Day 2: Writing Playbooks

• Playbook Fundamentals
  • Structure and syntax of playbooks.
  • Variables and conditionals in playbooks.
• Advanced Playbook Concepts
  • Loops, handlers, and notifications.
  • Error handling and debugging playbooks.
• Hands-On Lab 2: Creating advanced playbooks for server tasks.

 

Day 3: Roles and Inventory Management

• Using Roles
  • Structuring roles for modular automation.
  • Creating and sharing roles with Ansible Galaxy.
• Managing Inventory
  • Static and dynamic inventory management.
  • Grouping hosts and using inventory variables.
• Hands-On Lab 3: Building roles and managing dynamic inventories.

 

Day 4: Automation and Best Practices

• Automating Server Configurations
  • Configuring services and deploying applications.
  • Automating security and compliance tasks.
• Best Practices in Ansible
  • Writing efficient and maintainable playbooks.
  • Optimizing performance and scaling Ansible setups.
• Hands-On Lab 4: Automating multi-server configurations.

 

Day 5: Ansible in DevSecOps Workflows

• Integrating Ansible with CI/CD
  • Using Ansible with Jenkins, GitLab, or other CI/CD tools.
  • Automating deployment pipelines.
• Real-World Scenarios
  • Troubleshooting common issues in Ansible.
  • Case studies and practical applications.
• Final Project: Creating a full-fledged Ansible automation workflow.

Outcome:

By completing this 5-day Ansible Training Course, participants will master configuration management, automate server setups, and create efficient playbooks and roles. They will be equipped to streamline processes, manage complex environments, and integrate Ansible into DevSecOps workflows for enhanced operational efficiency.

 

11. Nagios (5 Days – 35 hrs)

• Topics: Monitoring fundamentals, setting up hosts, and alerting.
• Hands-On Labs: Creating monitoring dashboards.

Nagios Training Course (5 Days – 35 hrs)

Overview

This 5-day Nagios training course provides in-depth knowledge and practical skills to implement and manage monitoring solutions using Nagios. Participants will learn about monitoring fundamentals, host configuration, and alerting mechanisms. Through hands-on labs, they will build and customize monitoring dashboards to enhance visibility and proactive management of IT infrastructure.

 

Objectives

By the end of this course, participants will:

1. Understand the fundamentals of monitoring and Nagios architecture.
2. Set up and configure Nagios for monitoring hosts, services, and network devices.
3. Implement effective alerting and notification systems.
4. Build and customize monitoring dashboards for real-time insights.
5. Integrate Nagios with other tools in DevSecOps workflows.

 

Target Audience

• IT administrators and system engineers.
• Network and infrastructure engineers.
• DevOps and DevSecOps professionals.
• Anyone responsible for monitoring IT infrastructure and ensuring system uptime.

 

Prerequisites

• Basic knowledge of Linux and networking concepts.
• Familiarity with IT infrastructure and system administration tasks.
• Prior experience with command-line tools is beneficial.

Course Outline

Day 1: Introduction to Monitoring and Nagios Basics

• Monitoring Fundamentals
  • Importance of monitoring in DevSecOps.
  • Overview of monitoring tools and Nagios architecture.
• Installing and Configuring Nagios
  • Setting up Nagios Core and its components.
  • Configuring basic settings and understanding configuration files.
• Hands-On Lab 1: Installing Nagios and setting up initial configuration.

 

Day 2: Host and Service Monitoring

• Monitoring Hosts and Services
  • Defining hosts, host groups, and service groups.
  • Configuring checks for system health, services, and network devices.
• Managing Plugins
  • Using and customizing Nagios plugins for specific monitoring needs.
  • Writing simple custom plugins.
• Hands-On Lab 2: Configuring host and service monitoring with plugins.

 

Day 3: Alerting and Notifications

• Setting Up Notifications
  • Configuring email, SMS, and other notification channels.
  • Creating escalation policies for critical alerts.
• Advanced Alerting Features
  • Using dependencies and event handlers for proactive monitoring.
  • Reducing false positives through threshold tuning.
• Hands-On Lab 3: Implementing alerting and notification systems.

 

Day 4: Dashboards and Visualization

• Building Monitoring Dashboards
  • Creating and customizing Nagios dashboards.
  • Using third-party tools for enhanced visualization (e.g., Grafana).
• Analyzing Performance Metrics
  • Interpreting logs and performance data for informed decision-making.
• Hands-On Lab 4: Designing a comprehensive monitoring dashboard.

 

Day 5: Integration and Best Practices

• Integrating Nagios with Other Tools
  • Connecting Nagios with CI/CD pipelines and incident management tools.
  • Using APIs for automation and extending Nagios functionality.
• Best Practices and Troubleshooting
  • Optimizing Nagios configurations for scalability.
  • Troubleshooting common issues and maintaining uptime.
• Final Project: Creating a fully integrated Nagios monitoring solution.

Outcome:

By completing this 5-day Nagios Training Course, participants will master IT infrastructure monitoring, configure hosts and alerts, and create custom dashboards. They will gain practical skills to ensure system uptime, troubleshoot issues, and integrate Nagios into DevSecOps workflows for efficient and proactive monitoring.

12. OWASP (1 Day – 7 hrs)

• Topics: Top 10 security risks, application vulnerabilities, and mitigations.
• Hands-On Labs: Identifying and mitigating vulnerabilities.

OWASP (1 Day – 7 hrs) Training Course

Overview

This 1-day OWASP training course provides a focused overview of the OWASP Top 10 security risks and their impact on application security. Participants will explore common application vulnerabilities and learn best practices for mitigation. Through hands-on labs, attendees will identify vulnerabilities in sample applications and implement strategies to address them effectively, aligning with DevSecOps practices.

 

Objectives

By the end of this course, participants will:

1. Understand the OWASP Top 10 security risks and their significance.
2. Learn about common application vulnerabilities and their exploitation methods.
3. Gain knowledge of secure coding practices to mitigate risks.
4. Develop hands-on experience in identifying and addressing vulnerabilities.
5. Integrate application security into DevSecOps workflows.

 

Target Audience

• Developers and software engineers.
• DevSecOps practitioners.
• Quality assurance professionals and security analysts.
• IT professionals interested in application security.

 

Prerequisites

• Basic knowledge of web application development.
• Familiarity with HTTP, web services, and APIs.
• Understanding of basic security concepts is beneficial but not required.

 

Course Outline

Morning Session: OWASP Top 10 Overview

• Introduction to OWASP
  • What is OWASP and its role in application security?
  • Overview of the OWASP Top 10 security risks.
• Understanding Common Vulnerabilities
  • Injection attacks (SQL, command injection).
  • Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).
  • Broken authentication and sensitive data exposure.
• Hands-On Lab 1: Identifying vulnerabilities in a sample application.

 

Afternoon Session: Mitigations and Secure Practices

• Mitigating OWASP Top 10 Risks
  • Secure coding practices and input validation.
  • Implementing authentication, access controls, and encryption.
  • Using security tools for vulnerability scanning and analysis.
• Integrating Security into DevSecOps
  • Automating security checks in CI/CD pipelines.
  • Best practices for continuous application security.
• Hands-On Lab 2: Mitigating vulnerabilities and securing a sample application.

Outcome:

By completing this 1-day OWASP Training Course, participants will understand the OWASP Top 10 security risks, identify application vulnerabilities, and implement effective mitigations. They will gain practical skills to enhance application security and integrate secure practices into DevSecOps workflows.

13. SonarQube (5 Days)

• Topics: Code quality analysis, static code analysis, and integration with CI tools.
• Hands-On Labs: Configuring and using SonarQube.

SonarQube Training Course (5 Days – 35 hrs)

Overview

This 5-day SonarQube training course focuses on enhancing code quality and security through static code analysis. Participants will gain in-depth knowledge of SonarQube, including configuration, code analysis, and integration with CI/CD tools. Hands-on labs will guide learners through setting up and using SonarQube effectively, making it an integral part of their DevSecOps workflows.

 

Objectives

By the end of this course, participants will:

1. Understand the principles of static code analysis and code quality.
2. Configure and manage SonarQube for analyzing codebases.
3. Learn to identify and resolve code smells, bugs, and security vulnerabilities.
4. Integrate SonarQube into CI/CD pipelines for continuous quality checks.
5. Implement best practices for maintaining high code standards.

 

Target Audience

• Software developers and engineers.
• DevOps and DevSecOps practitioners.
• Quality assurance and software testers.
• IT professionals involved in code quality and security.

 

Prerequisites

• Basic programming knowledge in any language.
• Familiarity with CI/CD tools like Jenkins, GitHub Actions, or GitLab CI.
• Understanding of software development workflows.

 

Course Outline

Day 1: Introduction to SonarQube and Static Code Analysis

• What is SonarQube?
  • Overview of SonarQube and its benefits in DevSecOps.
  • Key features: Code quality, security analysis, and metrics.
• Getting Started with SonarQube
  • Installing and configuring SonarQube.
  • Understanding SonarQube dashboards and metrics.
• Hands-On Lab 1: Setting up SonarQube and analyzing a simple codebase.

Day 2: Code Quality Analysis

• Understanding Code Quality Metrics
  • Code smells, bugs, and vulnerabilities.
  • Measuring maintainability, reliability, and security.
• Analyzing Codebases with SonarQube
  • Configuring rules and profiles for analysis.
  • Customizing quality gates and thresholds.
• Hands-On Lab 2: Analyzing a project and interpreting results.

 

Day 3: Advanced SonarQube Features

• Managing Plugins and Extensions
  • Installing and configuring plugins for enhanced functionality.
  • Language-specific analysis (Java, Python, etc.).
• Integration with Version Control
  • Linking SonarQube with Git repositories.
  • Pull request decoration and inline feedback.
• Hands-On Lab 3: Enhancing analysis with plugins and version control integration.

 

Day 4: CI/CD Integration

• SonarQube in CI/CD Pipelines
  • Integrating SonarQube with Jenkins, GitLab, and GitHub Actions.
  • Automating code quality checks in builds.
• Best Practices in Continuous Quality
  • Monitoring and maintaining quality over time.
  • Setting up automated alerts and reports.
• Hands-On Lab 4: Configuring SonarQube in a CI/CD pipeline.

 

Day 5: Scaling SonarQube and Best Practices

• Scaling and Performance Optimization
  • Managing large codebases and multi-project setups.
  • Optimizing SonarQube for enterprise environments.
• Best Practices for Code Quality Management
  • Ensuring team adoption and consistent use.
  • Periodic audits and compliance checks.
• Final Project: Analyzing and improving the quality of a complex codebase using SonarQube.

 

Outcome:

By completing this 5-day SonarQube Training Course, participants will gain expertise in configuring and using SonarQube for code quality and security analysis. They will be able to identify and resolve code issues, integrate SonarQube into CI/CD pipelines, and maintain high-quality, secure, and maintainable codebases.

Approach:

• Blended Learning: A mix of lectures, live demos, and hands-on labs.
• Interactive Sessions: Group activities and discussions to reinforce concepts.
• Assessment: A final evaluation to gauge participants’ understanding and application.
• Resource Support: Access to guides, cheat sheets, and lab environments.

 

Logistics:

• Participants must bring their AGSI-provided laptops.
• Support from instructors available throughout the course.

 

Conclusion:

This bootcamp is designed to upskill AGSI’s team in DevSecOps, enabling them to adopt secure, automated, and efficient practices in their projects. Participants will leave with practical skills, ready to implement DevSecOps principles in their roles.