Labs

Building a Pipeline Github Actions

Scanning Insecure Code with NodeJSScan and Github Actions

Running an NPM Audit in Github Actions

Security Testing with ZAP and GitHub Actions

Container Security Scanning with Github Actions

Course Content

Introduction to DevSecOps

DevOps and the rise of DevOps

The need for DevSecOps

Success Factors and Challenges implementing DevSecOps

DevSecOps as a series of Developer-first workflows

Introduction to GitOps

Git as a Single Source of Truth

Git Source Repositories and Automation Capabilities:

  • Github
  • Gitlab

GitOps workflows for CI/CD – An Introduction and Perspective

Github Actions: Deep dive

Github Actions – Introduction and Overview

Lab: Create your custom Github Action

Leveraging the Github Actions “Store” to identify useful pre-existing automations for Github

Lab: Creating an end-to-end Github Actions-driven workflow for Continuous Integration


DevSecOps with Github Actions

Approach to Labs with Cookbook style Labs for Github Actions and DevSecOps

Cookbook 1: Implementing a SAST and SCA workflow with Github Actions for Git Pull Requests

Cookbook 2 : Implementing and End-to-End Workflow for SAST and SCA on commit to the main Github Branch with “Break the build capability”

Cookbook 3 : Automating DAST Checks with Github Actions and OWASP ZAP

GitHub Actions is an API that’s used to automate, customize, and execute software development workflows right in your GitHub repository. Developers and security professionals have found ways to use it to implement automation and CI/CD workflows in DevSecOps.

This course is a deep dive into the use of GitHub Actions in DevSecOps, with practical learning through hands-on labs. We begin with an introduction to both DevSecOps and GitOps. This will transition into a practical segment where you’ll create your own custom GitHub Actions. You’ll even learn to create an Actions-driven workflow for Continuous Integration.

We then explore DevSecOps with GitHub Actions with the help of cookbook-style labs. Here, you’ll implement end-to-end SAST and SCA workflows, as well as automate DAST Checks with GitHub Actions and OWASP ZAP.

This course is a distillation of years of security testing experience, knowledge, and original research across our entire team. We’ve designed our material and labs to reflect real-world techniques and challenges, making it easy for you to gain serious practical experience in automating DevSecOps workflows. When you’ve completed this course, you can implement what you’ve learned in effectively implementing Security in DevOps.

Beginner

5
Hours
14
Lessons
5
Cloud Labs
learning path:
DevSecOps

Github Actions for DevSecOps

Ideal for
DevOps
Security Engineer
Get Started

You might also like these courses

Or explore these Learning Paths

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Our Newsletter
Get Started
X
X
Copyright AppSecEngineer © 2025