From 2dab69c5f5b3a34e86a76bc5bf03ee6fbb5446b8 Mon Sep 17 00:00:00 2001 From: Milan Milanovic Date: Mon, 31 Mar 2025 09:16:40 +0200 Subject: [PATCH] Update for DevSecOps --- README.md | 40 +++++++++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 53c9a55..8b7ead4 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,7 @@ Download [PDF version](DevOps%20Roadmap.pdf). - [10. Learn Monitoring & Observability](#10-learn-monitoring--observability) - [11. Learn one Cloud provider](#11-learn-one-cloud-provider) - [12. Learn Software Engineering Practices](#12-learn-software-engineering-practices) + - [Bonus: Learn DevSecOps Fundamentals](#bonus-learn-devsecops-fundamentals) - [Additional resources](#additional-resources) - [Tools](#tools) - [Books](#books) 
@@ -81,12 +82,16 @@ Here you need to learn basic concepts of programming languages, such as syntax, Resources: -- [Automate the Boring Stuff with Python book](https://automatetheboringstuff.com/) FREE -- [Python Crash Course](https://ehmatthes.github.io/pcc/) FREE -- [The Modern JavaScript Tutorial](https://javascript.info/) FREE -- [JavaScript Crash Course For Beginners](https://www.youtube.com/watch?v=hdI2bqOjy3c) FREE -- [Eloquent JavaScript, 3rd edition](https://eloquentjavascript.net/), Marjin Haverbeke FREE book -- [Go by Example](https://gobyexample.com/) FREE +- Python: + - [Automate the Boring Stuff with Python book](https://automatetheboringstuff.com/) FREE + - [Python Crash Course](https://ehmatthes.github.io/pcc/) FREE +- JavaScript: + - [The Modern JavaScript Tutorial](https://javascript.info/) FREE + - [JavaScript Crash Course For Beginners](https://www.youtube.com/watch?v=hdI2bqOjy3c) FREE + - [Eloquent JavaScript, 3rd edition](https://eloquentjavascript.net/), Marjin Haverbeke FREE book +- Go + - [Go by Example](https://gobyexample.com/) FREE + - [Learn Go with Tests](https://quii.gitbook.io/learn-go-with-tests) FREE ### 3. Learn Linux & Scripting @@ -171,6 +176,7 @@ Resources: - [Docker Mastery: with Kubernetes + Swarm from a Docker Captain](https://www.udemy.com/course/docker-mastery/) Udemy course - [What is Service Mesh?](https://www.redhat.com/en/topics/microservices/what-is-a-service-mesh) FREE - [DevOps with Kubernetes](https://devopswithkubernetes.com/) FREE +- [OCI Specification](https://github.com/opencontainers/image-spec/blob/main/spec.md) ### 7. Learn Container Orchestration 
@@ -203,7 +209,7 @@ Sometimes referred to as **IaC**, it refers to the techniques and tools used to **Terraform** is the most popular infrastructure provisioning tool, but there are others such as Ansible, Chef, Puppet, and Vagrant. -Here you need to know how to do **infrastructure provisioning** and **configuration management**, but also how to write **Terraform modules**. +Here you need to know how to do **infrastructure provisioning** and **configuration management**. Resources: @@ -308,8 +314,10 @@ Resources: - AWS: - [Ultimate AWS Certified Cloud Practitioner - 2022](https://www.udemy.com/course/aws-certified-cloud-practitioner-new) Udemy - [AWS Developer by A Cloud Guru](https://acloudguru.com/learning-paths/aws-developer) Learning path + - [AWS Well-Architected](https://aws.amazon.com/architecture/well-architected/) FREE - Google Cloud: - [Google Cloud Associate Cloud Engineer Course](https://www.youtube.com/watch?v=jpno8FSqpc8) FREE + - [Google Cloud Well-Architected Framework](https://cloud.google.com/architecture/framework) FREE ### 12. Learn Software Engineering Practices 
@@ -330,6 +338,24 @@ Resources: - [GitLab - Beginner's Guide to DevOps](https://page.gitlab.com/resources-ebook-beginners-guide-devops.html) FREE - [Common SDLC Models](https://www.scaler.com/blog/software-development-life-cycle/#common-sdlc-models) FREE +### Bonus: Learn DevSecOps Fundamentals + +Security must be integrated throughout the DevOps lifecycle rather than added as an afterthought. + +Here you will need to learn how to integrate security into the DevOps pipeline, and how to automate security testing (SAST and DAST). + +Also, you need to know how to manage secrets and credentials, and how to set up security policies. + +Resources: + +- [OWASP DevSecOps Guideline](https://owasp.org/www-project-devsecops-guideline/) FREE +- [Supply Chain Levels for Software Artifacts (SLSA)](https://slsa.dev/) FREE +- [HashiCorp Vault Documentation](https://developer.hashicorp.com/vault/docs) FREE +- [Trivy Documentation](https://trivy.dev/latest/) FREE +- [Falco Runtime Security](https://falco.org/docs/) FREE +- [DevSecOps: A leader's guide](https://www.devsecops.org/) FREE +- [Container Security](https://www.oreilly.com/library/view/container-security/9781492056690/) book + ## Additional resources
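
Review bot: In the language resources hunk (`@@ -81,12 +82,16 @@`), the new group label `- Go` lacks the trailing colon that `- Python:` and `- JavaScript:` carry, and the re-indented Eloquent JavaScript line still spells the author "Marjin Haverbeke" (the author's name is Marijn Haverbeke). Suggest `- Go:` and correcting the name while the line is being touched. This regrouping is unrelated to the subject "Update for DevSecOps", so a separate commit or a line in the message body would keep the history easier to follow.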
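
Review bot: In the containers hunk (`@@ -171,6 +176,7 @@`), the added `[OCI Specification]` entry has no FREE or provider tag, unlike the three context entries above it, and its label is broader than its target: the URL is the image-spec document only, while OCI also publishes separate runtime and distribution specifications. Suggest labelling it "OCI Image Format Specification" and appending FREE. The link also tracks `blob/main`, so it will move with the spec. Point it at a release tag if a stable reference is wanted.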
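
Review bot: In the Infrastructure as Code hunk (`@@ -203,7 +209,7 @@`), the clause "but also how to write **Terraform modules**" is dropped without any reason in the commit message, whose subject is only "Update for DevSecOps". If the removal is intentional, say so in the message body. Otherwise restore the clause, since nothing else visible in this patch replaces that learning goal.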
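
Review bot: In the new DevSecOps section (`@@ -330,6 +338,24 @@`), the body asks the reader to automate "security testing (SAST and DAST)" and to "set up security policies", but no entry in the resource list is named for SAST, DAST or policy. The tool-specific links cover secrets (Vault), scanning (Trivy) and runtime detection (Falco). Suggest adding one resource for each of those topics, or noting which listed guide covers them, and expanding the SAST and DAST acronyms on first use as the IaC section does for **IaC**. The entry `[DevSecOps: A leader's guide](https://www.devsecops.org/)` reads like a book title but links to a site root and is tagged FREE, so please confirm the target and tag match. The heading is also the only one in the numbered 1 to 12 sequence without a number, which is fine as long as the "Bonus:" form is intentional.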