DevSecOps School

Introduction & Overview Container hardening is a critical security practice in modern software development, particularly within the DevSecOps framework, where security is integrated into every phase of the development lifecycle. This tutorial provides a comprehensive guide to container hardening, exploring its principles, implementation, and real-world applications. Designed for developers, security engineers, and DevOps professionals, it … Read more

Introduction & Overview What are Admission Controllers? Admission Controllers are Kubernetes plugins that intercept and process requests to the Kubernetes API server before objects (e.g., pods, deployments) are persisted. They enforce policies, validate configurations, or mutate resources to ensure compliance with organizational standards. History or Background Introduced in Kubernetes 1.0 (2015), Admission Controllers have evolved … Read more

Introduction & Overview What is Kyverno? Kyverno, derived from the Greek word for “govern,” is an open-source policy engine designed specifically for Kubernetes. It enables platform engineers and DevSecOps practitioners to define, enforce, and validate policies as Kubernetes-native resources using YAML. Unlike general-purpose policy engines, Kyverno leverages Kubernetes Custom Resource Definitions (CRDs) to manage policies … Read more

Introduction & Overview What is OPA (Open Policy Agent)? Open Policy Agent (OPA) is an open-source, general-purpose policy engine that enables unified, context-aware policy enforcement across the software stack. It allows organizations to define and enforce policies as code, ensuring compliance, security, and operational consistency in modern cloud-native environments. History or Background OPA was created … Read more

Introduction & Overview Pod Security Policies (PSP) are a critical Kubernetes feature for enforcing security constraints on pods, aligning seamlessly with DevSecOps principles of integrating security into development and operations. This tutorial provides an in-depth exploration of PSP, covering its concepts, setup, real-world applications, and best practices, tailored for DevSecOps practitioners. What is Pod Security … Read more

Introduction & Overview Kubernetes Role-Based Access Control (RBAC) is a critical security mechanism for managing access to resources in Kubernetes clusters. In the DevSecOps paradigm, where security is integrated into every phase of the development lifecycle, RBAC plays a pivotal role in ensuring secure, scalable, and compliant operations. This tutorial provides an in-depth exploration of … Read more

Introduction & Overview Docker is a cornerstone technology in modern software development, particularly in DevSecOps, where it facilitates rapid, secure, and consistent application deployment. This tutorial provides an in-depth exploration of Docker, its architecture, integration into DevSecOps workflows, and practical applications. By the end, you’ll understand Docker’s core concepts, how to set it up, and … Read more

Introduction & Overview AWS Config is a powerful service for managing and auditing cloud resource configurations, playing a pivotal role in DevSecOps by ensuring security, compliance, and operational efficiency. This tutorial provides an in-depth exploration of AWS Config, tailored for DevSecOps practitioners. It covers core concepts, setup, real-world use cases, benefits, limitations, best practices, and … Read more

Introduction & Overview What is CloudTrail? AWS CloudTrail is a service provided by Amazon Web Services (AWS) that records and logs all API calls and activities within an AWS account. It captures detailed information about actions taken by users, roles, or AWS services through the AWS Management Console, AWS CLI, SDKs, or APIs. These logs … Read more

Introduction & Overview What is CNAPP? A Cloud-Native Application Protection Platform (CNAPP) is an integrated security platform that consolidates multiple cloud security capabilities to protect cloud-native applications across their entire lifecycle, from development to runtime. Coined by Gartner in 2021, CNAPP combines functionalities such as Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), … Read more