Hands-on DevSecOps Course (for PerfTest Shift-Left)

Achieve performance engineering and testing at the end of every sprint

                       

Overview

• Valuable Insights
• Who Should Attend
• Editions of the course
• Course Outline
  • Overview
  • Repositories
  • Generate application
  • Build and Release
  • Virtualization
  • Security
  • Scalable orchestration
  • REST API
  • Testing services
  • Monitoring
• Learning Resources
• More on DevSecOps
• Wait, there’s more. Click one of these …

Valuable Insights

Get hands-on experience with continuos integration using the latest versions of the most popular DevSecOps tools, all working together, end-to-end, in a set of servers participants control.

NOTE: Content here are my personal opinions, and not intended to represent any employer (past or present). “PROTIP:” here highlight information I haven’t seen elsewhere on the internet because it is hard-won, little-know but significant facts based on my personal research and experience.

Only this course provides participants a full set of several cloud-based servers to work on live during the class. This is an opportunity few get even with on-the-job experience.

See how the 21 groups of DevOps technologies work together in a complete toolchain that builds and deploy software: AWS CLI, Git, GitHub/GitLab, Maven/Yarn, Nexus, Jenkins/Cloudbees, Vault, SonarQube, Selenium, Terraform.

Commentary during this “guided tour” include tips and tricks for moving organizations to the end-state shown – for deep insight into both benefits and challenges related to agile automation in DevSecOps.

The “Sec” part of “DevSecOps” means security, which include scans of code for vulnerabilities, use of digital certificates to control access, and tools to manage secrets using secure vaults.

To ensure quality at speed, Agile software developers are increasingly required to include in each sprint automated performance status in their System Demo presentations.

The traditional approach of performance testing only before final release to production means that potentially major risks and technical debt can remain hidden. Here is how organizations make performance testing and engineering “shift-left” earlier in the software development lifecycle.

VIDEO: https://youtu.be/ZG073qSgh_0

Who Should Attend

This course is for anyone new to DevSecOps but experienced with information technology and software development. No specific prerequisites are assumed, and new technical concepts are explained. Executives, directors, managers, product owners, analysts, testers, programmers can all benefit from this first-hand experience.

Editions of the course

There are several editions of this class, of different length:

• The half-day introduction provides an understanding of key DevSecOps buzzwords and concepts possible only from seeing the various tools all working together. Participants pull from then push to GitHub, edit files, and see first-hand programs built and software tested automatically. Participants leave with an understanding of the meaning behind buzzwords and abbreviations in DevSecOps.

• The full-day experience has you generating both application code and the whole DevOps toolchain for an architecture that automatically scales. You then re-build the whole setup after making configuration changes. Participants leave with an ability to identify DevSecOps toolchain components and usage workflow and have an appreciation for some of the subtleties about each technology.

• The two-day immersion enables you to see code moving through multiple environments from development servers to production clusters – crucial for working in corporate enterprises. Participants see a live “blue/green” deployment and fall-back. Participants leave with a visceral understanding of both the advantages and limitations modern DevSecOps offers.
  
  

Course Outline

https://roadmap.sh/devops

Overview

Toolchain components
Alternatives
Example: Maven vs. Yarn
Workflows

Repositories

GitHub/GitLab source repository
Maven/Yarn package repository
Nexus binary repository
SonarQube status repository
CMDB server repository
DNS (Domain Name System)
CDN for files around the world
Application SQL databases
Liquibase database schema changelogs
NoSQL databases
Time-series databases

Generate application

Programming Languages (Java)
Java Frameworks: Spring Boot
JHipster
Angular

Build and Release

Login GitHub/GitLab
Release when ready
Login Jenkins/Salt/Travis/CirclCI/TeamCity
Maven/Yarn/Ant/Gradle/Gulp

Virtualization

Docker images vs. Vagrant
AWS HVM machine images
OpenStack LXC

Security

SonarQube code scan run reports
HashiCorp Vault
Penetration testing

Scalable orchestration

HashiCorp Packer
NetflixOSS
HashiCorp Consul
Blue/Green deployment
Failover test run
Google Kubernetes
Puppet Zookeeper/Noah/Mesos

REST API

Testing services

Terminal CLI
BrowserSync
Browser inspect debugger
Mock services
Jenkins/Cloudbees
JUnit
Selenium
Fitnesse
Cucumber

Monitoring

Zipkin tracing
ELK stack vs. Tick stack
Elsticsearch vs. InfluxDB
Logstash vs. Telegraf
Kibana vs Graphana

Learning Resources

http://automationtoolsbootcamp.com

More on DevSecOps

This is one of a series on DevSecOps:

1. DevOps_2.0
2. ci-cd (Continuous Integration and Continuous Delivery)
3. User Stories for DevOps

4. Enterprise Software)

5. Git and GitHub vs File Archival
6. Git Commands and Statuses
7. Git Commit, Tag, Push
8. Git Utilities
9. Data Security GitHub
10. GitHub API

11. TFS vs. GitHub

12. Choices for DevOps Technologies
13. Pulumi Infrastructure as Code (IaC)
14. Java DevOps Workflow

15. Okta for SSO & MFA

16. AWS DevOps (CodeCommit, CodePipeline, CodeDeploy)
17. AWS server deployment options

18. AWS Load Balancers

19. Cloud services comparisons (across vendors)
20. Cloud regions (across vendors)

21. AWS Virtual Private Cloud

22. Azure Cloud Onramp (Subscriptions, Portal GUI, CLI)
23. Azure Certifications

24. Azure Cloud

25. Azure Cloud Powershell
26. Bash Windows using Microsoft’s WSL (Windows Subsystem for Linux)

27. Azure KSQL (Kusto Query Language) for Azure Monitor, etc.

28. Azure Networking
29. Azure Storage
30. Azure Compute

31. Azure Monitoring

32. Digital Ocean

33. Cloud Foundry

34. Packer automation to build Vagrant images
35. Terraform multi-cloud provisioning automation

36. Hashicorp Vault and Consul to generate and hold secrets

37. Powershell Ecosystem
38. Powershell on MacOS

39. Powershell Desired System Configuration

40. Jenkins Server Setup
41. Jenkins Plug-ins
42. Jenkins Freestyle jobs

43. Jenkins2 Pipeline jobs using Groovy code in Jenkinsfile

44. Docker (Glossary, Ecosystem, Certification)
45. Make Makefile for Docker
46. Docker Setup and run Bash shell script
47. Bash coding
48. Docker Setup
49. Dockerize apps

50. Docker Registry

51. Maven on MacOSX

52. Ansible
53. Kubernetes Operators

54. OPA (Open Policy Agent) in Rego language

55. MySQL Setup

56. Threat Modeling

57. SonarQube & SonarSource static code scan

58. API Management Microsoft

59. API Management Amazon

60. Scenarios for load
61. Chaos Engineering

Wait, there’s more. Click one of these …

This article is one of a series about tuning and performance:

• Performance testing in the cloud era
• Perftest (Performance Testing and Engineering)
• Agile Performance Testing and Engineering

• Hands-on DevSecOps Course (for PerfTest Shift-Left

• Build load-balanced servers in AWS EC2 using CloudFormation

• Scenarios for load

• JVM Profilers

• JMeter in the cloud for distributed performance testing

• Gatling to performance test Salesforce NPSP

• TruWeb performance testing on macOS and Linux clients
• JavaScript in LoadRunner
• LoadRunner Javascript coding
• LoadRunner 12.55 installation
• WebTours configuration in LoadRunner and others

---