Labs

Performing SAST Scans with Bandit

Performing Custom SAST Scans with Bandit

Using Semgrep for SAST

Scanning Insecure Code with NodeJSScan and Github Actions

Running Git Commit Hooks with Bandit

Running Git Commit Hooks with ESLint

Course Content

Introduction to DevSecOps

DevOps and the rise of DevOps

The need for DevSecOps

Success Factors and Challenges implementing DevSecOps

DevSecOps as a series of Developer-first workflows

Static Analysis (SAST) for DevSecOps

Static Analysis and its importance to security

Embedding Static Analysis in Developer-First workflows

Types of Static Analysis Tools – Polyglot Tools, OSS Specialized AST Tools and Grep/QL Tools

Advantages and Disadvantages of Tools

Implementing and automating SAST for DevSecOps

AST vs Grep vs QL Tools – Labs

Automation Labs – Integrating Static Analysis into the IDE/Local Git hooks

Automating SAST with GitOps – GitOps use-cases and SAST Implementation Examples and Labs

Building your own incremental Security Scanner for SAST and GitOps

Integrating SAST into CI Pipelines and Tools

  • Gitlab
  • Github
  • Jenkins

SAST for Continuous Deployment – Implementation Strategies

Labs: Leveraging SAST for scanning AWS and Terraform Scripts

An application is only as secure as the source code it’s built on. That’s the philosophy behind Static Application Security Testing (SAST), which allows security engineers to identify threats to their apps at the source code level. This is the heart of Continuous Application Security, and it’s what this course is all about.

In Static Analysis and Code Review for DevSecOps, we’ll be going over some of the most common SAST tools, including methods of automating security tooling in a CI/CD pipeline. You’ll spend time rolling out SAST workflows and actually ‘building’ security pipelines that can be integrated into an organisation’s DevOps process.

Our hands-on labs will even walk you through methods to perform SAST incrementally to boost the efficiency of security testing in your software development lifecycle.This course is designed to teach you everything you need to know about static application security and how it ties into a sustainable DevOps practice.

Our material is backed by years of security testing experience, knowledge, and original research across our entire team. Upon completing this course, you’ll have the requisite knowledge and skill to perform a comprehensive static analysis of your application’s security posture, as well as effectively implement it into your DevSecOps pipeline.

Beginner

4
Hours
15
Lessons
6
Cloud Labs
learning path:
DevSecOps

Static Analysis and Code Review for DevSecOps

Ideal for
DevOps
Security Engineer
Get Started

You might also like these courses

Or explore these Learning Paths

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Our Newsletter
Get Started
X
X
Copyright AppSecEngineer © 2025