Fraunhofer Institute for Open Communication Systems
Fraunhofer Institute for Open Communication Systems
© iStock/ skynesher

© iStock/ skynesher

Security in CI/CD and Microservice Architectures

From the basics to securing systems on an industrial scale

This course provides a comprehensive insight into securing CI/CD systems and enables participants to implement secure systems from the outset.

We start with the basics of CI/CD security and gradually explore advanced techniques to secure pipelines against various threats.

Hands-on learning with real applications: Participants will work with microservice-based architectures that mirror real deployment scenarios. Through interactive discussions and hands-on exercises, they will gain experience in securing CI/CD pipelines.

Address vulnerabilities and threats: We will explain the most common security risks in CI/CD pipelines and explore effective strategies to mitigate vulnerabilities and protect applications in production environments.

CI/CD for Industrial Applications: This course also addresses securing large-scale hardware and software environments in industrial settings, the unique challenges of securing large codebases and complex deployment architectures.

At the end of this course, participants will have the expertise to design and implement secure CI/CD pipelines that meet industry standards and follow ´best practices´.

Overview of the Training »Security in CI/CD and Microservice Architectures«

Event Type Presence with us or in-house
Level Basic
Prerequisites

No prerequisites.

Helpful: Basic knowledge of software development processes, familiarity with container technologies (docker, etc.), familiarity with version management systems (Git, etc.)
Duration 2 Days 
Language German, English
Participation fee EUR 1,400, - per person
Contact Request
Your Advantages at a Glance

After the seminar you will be able to...

... apply the basics of ‘DevSecOps’.

... use key technologies and methods to create secure CI/CD pipelines.

... deal with the interpersonal as well as technical problems that arise from the introduction of ‘DevSecOps’.

... use modern testing methodologies and tools as well as integrate them into CI/CD processes in the area of application security testing.

... understand the technical and organisational challenges involved in developing secure software systems.

Target Groups
  • Developers and process owners in teams using CI/CD and DevOps
  • Software companies
  • IT service providers
  • Operators of IT infrastructure and cloud systems
  • Other companies, authorities, etc. that operate with / use cloud infrastructure
Content

Inhouse Course:

  • Introduction
    • What is CI/CD and CI/CD security?
    • What CI/CD environments are there?
    • What are microservices?
  • Application security tests in CI/CD
    • Implementing CI/CD with GitLab
    • Static analysis with SonarQube
    • OWASP dependency check
  • Security of the CI/CD pipeline
    • What is pipeline security?
    • Potential threats to pipeline security
    • Possible tool support for CI/CD pipeline security
    • Integration of the tools in a CI/CD pipeline
    • Authorisations, role and rights management
    • Identity and access management (IAM), secrets management, dependency management
  • Summary


Supplementary online course:

  • The software development process
  • DevOps for an optimised software development process
  • Automation using CI/CD
  • Secure CI/CD
    • Management of secrets (secrets management) and security of log-in information (credential security)
    • Containerisation
    • Example implementations
  • Best practices
Trainers

Andre Plötze (andre.ploetze@fokus.fraunhofer.de)

  • Studied at the FU Berlin with specialisation and master's thesis on IT security
  • Over 5 years of professional experience in the development of complex software systems
  • Trainer at the Fraunhofer Academy specialising in security testing
     

Abishek Shrestha (abhishek.shrestha@fokus.fraunhofer.de)

  • Over 4 years of professional experience in the field of machine learning
  • Scientific publications on research topics focussing on ML and security
  • Experienced trainer and course developer with many years of experience
  • ML and security expert with industry experience
  • Trainer at the Fraunhofer Academy specialising in ML, security and testing
     

Dorian Knoblauch (dorian.knoblauch@fokus.fraunhofer.de)

  • Over 5 years of professional experience with ML
  • Scientific publications Scientific publications on research topics with a focus on ML, auditing and verification of AI and security
  • Trainer at the Fraunhofer Academy with a focus on ML, security and testing

Contact

Contact Press / Media

Anne Halbich

Fraunhofer Institute for Open Communication Systems
Kaiserin-Augusta-Allee 31
10589 Berlin, Germany

Phone +493034637346

Melden Sie sich zu unserem Newsletter an!

Erhalten Sie regelmäßig Neuigkeiten und exklusive Inhalte direkt in Ihr Postfach.
Bitte füllen Sie das Pflichtfeld aus.

Bitte füllen Sie das Pflichtfeld aus.