This is the repository for the LinkedIn Learning course Cloud Security for DevSecOps Engineers: From Security Models to API Protection. The full course is available from LinkedIn Learning.
This repository will contain the entire codebase and instructions for running Trivy scans within the Codespaces container.
Designed for new and early-career DevSecOps engineers, this course introduces cloud security through a DevSecOps lens. Get started by learning the fundamentals of cloud computing, service models, and the shared responsibility model. Explore the importance of key security services and control types, such as identity and access management (IAM), encryption, logging, and network segmentation, as well as API security fundamentals in cloud-native environments. Along the way, instructor Damien Burks dives into the essentials of infrastructure as code (IaC), showing you how to identify common risks, enforce compliance with policy as code, and automate security checks at scale using tools like Trivy. By the end of this course, you’ll be prepared to effectively apply key DevSecOps principles and concepts within the cloud security space.
This course is integrated with GitHub Codespaces, an instant cloud development environment that offers all the functionality of your favorite IDE without the need for any local machine setup. With GitHub Codespaces, you can get hands-on practice from any machine, at any time—all while using a tool that you’ll likely encounter in the workplace. Check out the “Using GitHub Codespaces with this course” video to learn how to get started.
After logging in to your environment within GitHub Codespaces, run the commands in the sections below.
Once your GitHub Workspace is running, open the terminal in Visual Studio Code and execute the following commands to install Trivy, a vulnerability and misconfiguration scanner:
sudo -i
wget https://github.com/aquasecurity/trivy/releases/download/v0.64.1/trivy_0.64.1_Linux-64bit.deb
dpkg -i trivy_0.64.1_Linux-64bit.deb
exit
This will download and install version 0.64.1 of Trivy in your workspace.
To output Trivy results in HTML format, download the HTML template provided by the Trivy project:
mkdir -p contrib
wget https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl -O contrib/html.tpl
After installation, you can scan the configuration directory that contains the main.tf file by running the following command:
trivy config --format template --template @contrib/html.tpl -o results.html 04_06/
The results will be written to results.html. You can open the file directly in your browser to review the findings.
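The install step above hands a file fetched with wget straight to dpkg -i in a root shell. As an added example (not part of the course repository), here is a fail-closed SHA-256 check that can run between those two commands. It assumes a sha256sum-format checksums file is available for the release; the function name verify_download and the sample file names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: fail-closed SHA-256 check for a downloaded release file.
# Usage: verify_download <file> <checksums-file>
#   checksums-file uses sha256sum format: "<64 hex digits>  <filename>" per line.
# Returns 0 only when exactly one entry names the file and its digest matches.
verify_download() {
    local file="$1" sums="$2" name expected actual
    [ -f "$file" ] && [ -f "$sums" ] || { echo "missing input file" >&2; return 2; }
    name=$(basename -- "$file")
    # Exact match on the filename field; strip the '*' sha256sum adds in binary mode.
    expected=$(awk -v n="$name" '{ f=$2; sub(/^\*/, "", f) } f == n { print $1 }' "$sums")
    # Zero entries or several entries is a failure, never "nothing to check".
    if [ "$(printf '%s\n' "$expected" | grep -c .)" -ne 1 ]; then
        echo "expected exactly one checksum entry for $name" >&2
        return 3
    fi
    # Reject anything that is not a 64-character hex digest.
    case "$expected" in
        *[!0-9a-fA-F]*) echo "malformed digest for $name" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest for $name" >&2; return 3; }
    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    if [ "$actual" != "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    echo "OK: $name"
}

# Constructed sample data: a stand-in file, not a real Trivy package.
tmp=$(mktemp -d)
printf 'constructed package bytes\n' > "$tmp/pkg.deb"
( cd "$tmp" && sha256sum pkg.deb > checksums.txt )
# Untouched file: the check passes.
verify_download "$tmp/pkg.deb" "$tmp/checksums.txt"
# File modified after the checksums were recorded: the check fails.
printf 'tampered\n' >> "$tmp/pkg.deb"
verify_download "$tmp/pkg.deb" "$tmp/checksums.txt" || echo "rejected (status $?)"
rm -rf "$tmp"
```

A checksums file fetched from the same place as the package catches corruption and truncated downloads, but not a release page that has itself been altered.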
Cloud DevSecOps Engineer & Founder of The DevSec Blueprint