CSC 1029 Week 04: DevSecOps Overview

Questions and Answers

What is the primary goal of DevSecOps?

To ensure that only security specialists handle security-related tasks.

To integrate security tools into existing DevOps workflows.

To eliminate all security risks in software development.

To promote a culture of security awareness across teams. (correct)

What does CI/CD stand for in the context of software development?

Collaborative Integration/Collaborative Deployment

Continuous Integration/Continuous Delivery (correct)

Critical Infrastructure/Critical Development

Code Integration/Code Deployment

Which platform is mentioned as a leading code hosting service that supports version control?

Bitbucket

GitHub (correct)

SourceForge

GitLab

What is a major challenge businesses face regarding security today?

Integrating security into the developer workflow.

Who plays a critical role in DevSecOps according to the provided content?

Security specialists who mentor and advise teams.

What is one of the methods of app deployment mentioned?

Virtual Machine deployment.

What does the National Convergence Technology Center aim to address?

Meet the workforce need for skilled specialists in convergence technology.

What is a key benefit of using Kubernetes for developer platforms?

It provides building blocks while preserving user choice.

What aspect of software development does Microsoft DevSecOps tools emphasize?

Collaboration between developers, security practitioners, and IT operators.

Why is documentation critical in teams using the latest tools?

It helps share learned lessons across teams.

Which of the following best describes the function of version control systems?

They allow developers to collaborate on projects and track changes.

What often gets overlooked in communication within IT teams?

Intent of communication

How is DevSecOps intended to transform team dynamics?

By fostering a culture where security is the responsibility of all team members.

Which of the following is NOT a characteristic of DevSecOps compared to DevOps?

Focuses solely on software development.

What is the next action listed in the content that needs to be completed for Week 04?

Complete the Week 04 Content Module to 100%.

What type of mentoring is available for students on campus?

Drop-in times available on-campus.

What is one consequence of failing to communicate documentation properly?

Lessons cannot be shared across teams.

Which feature is specifically highlighted as common in both DevOps and DevSecOps?

Collaboration among team members.

What is NOT a reason to utilize Kubernetes in deployment?

It reduces the flexibility of developer options.

According to the content, students are encouraged to utilize which resource for help?

24/7 online tutoring resources.

Study Notes

Course Information

• Course name: CSC 1029
• Course topic: DevSecOps

Objectives

• Understand security issues in today's business environments
• Identify different security roles within a business
• Understand how businesses struggle with security integration

Agenda Week 04

• DevOps and DevSecOps
• Microsoft DevSecOps
• IT Skills 2020 & Beyond
• Continuous Integration/Continuous Delivery (CI/CD)
• Version Control
• Application Deployment
• Kubernetes
• Future of DevSecOps
• Documentation
• To-do list and resources for help

What is DevOps and DevSecOps?

• DevSecOps fosters a "security for everyone" culture
• Every team member has a role in security
• Security specialists mentor, advise, and guide teams on security best practices
• Read the article at: https://www.redhat.com/en/topics/devops/what-is-devsecops

DevSecOps

• Watch the video to review Microsoft's DevSecOps Tools and Services
• Build secure applications on a trusted platform
• Integrate security into developer workflows, promoting collaboration between developers, security practitioners, and IT operators
• DevSecOps Tools and Dev Sec Ops Services | Microsoft Azure

IT Skills 2020 and Beyond

• National Convergence Technology Center created to meet workforce needs for Convergence, Information Technology, and Cybersecurity specialists
• Most critical IT job clusters identified in 2019, including Software Development, Technical Project Management, Data Analytics, Technical Support, Data Management, Engineering, Infrastructure Connectivity Management, and Security Engineering

CI/CD

• Continuous Integration/Continuous Delivery and Deployment pipelines
• Secure code development
• Build
• Analyze
• Plan
• Continuous Testing
• Verify
• Release
• Deploy
• Operate
• Defend

Version Contol: GitHub

• GitHub is a code-hosting platform
• Over 73 million developers contribute to software and open-source projects on GitHub
• GitHub uses version control and collaboration tools
• Git is the most widely used version control system today

Application Deployment

• Watch the video to understand app deployment
• Traditional deployment to physical servers
• Virtual machine deployment
• Container deployment

Kubernetes

• Kubernetes provides building blocks for developer platforms, respecting user choices and flexibility

DevOps vs DevSecOps

• Read the article: https://www.redhat.com/en/blog/devops-vs.-devsecops-heres-how-they-fit-together

Robust Documentation

• Teams must properly document concerns, allowing better knowledge sharing across teams
• Clear communication, including intent, is crucial for effective collaboration among team members

To-do

• Post weekly discussion questions and research solutions on D2L
• Complete Week 04 content module in D2L to 100%

Questions/Clarifications/Help

• Student office hours: by appointment via Zoom/drop-in times on campus
• Email: [email protected]
• RRCC On-Campus Tutoring: [link]
• 24/7 Online Tutoring: D2L > Content > Resources for Help

Description

This quiz covers the key concepts discussed in Week 04 of the CSC 1029 course, focusing on DevSecOps practices, tools, and integration into business environments. Understanding the roles within a team, security challenges, and future directions in DevSecOps will be essential for anyone looking to enhance their IT skills in 2020 and beyond.