Devsecops
Public syllabus for 2025-2026
Academic overview
Teaching team
Learning time distribution
| Total | ||||||
|---|---|---|---|---|---|---|
| Curriculum | Lecture | Practice | Total Weekly | Lecture | Practice | |
| 42 | 28 | 14 | 3 | 2 | 1 | |
| Exam hours | ||||||
| 7 | ||||||
| Individual Study | Bibliography study | Field study | Homework | Tutoring | Others | |
| 101 | 40 | 36 | 18 | 7 | 0 | |
| Overall | ||||||
| 150 |
Learning outcomes
Knowledge
- C1. Fundamentals of DevSecOps principles
- C2. Knowledge of DevSecOps stages
Skills
- A1. Ability to understand DevSecOps requirements
- A2. Ability to identify solutions and tools required in a specific DevSecOps stage
- A3. Ability to apply DevSecOps principles
Responsibility
- R1. Implement DevSecOps mechanisms in a specific stage
- R2. Ability to assess and improve existing DevSecOps or DevOps implementations
Online platform
Course content
| Content | Methods | Obs |
|---|---|---|
| C1. Introduction to DevOpsDevOps compared to other frameworks. Introduction to DevSecOpsDevSecOps compared to DevOpsReal life use cases | Lecture, conversation, exemplification | |
| C2. Git, GithubWhat is versioning controlGit in projectsCLI commandsRepositoryBranching / merging / pull requestsContinuous IntegrationContinuous Deployment | Lecture, conversation, exemplification | |
| C3. TestingTesting strategiesUnit testing Selenium testingBuild testing | Lecture, conversation, exemplification | |
| C4. DockerIntroduction to container registries and DockerHubDockerfile structure and instructionsBuild a Docker imageRun a Docker containerSecure a docker imageUse docker-compose for multi container deploymentsContainer networkingContainer persistent volumes | Lecture, conversation, exemplification | |
| C5. KubernetesIntroduction to KubernetesKubernetes deploymentsKubernetes ServicesKubernetes SSL IngressDeploy a Docker image to KubernetesUpdate a Kubernetes deployment | Lecture, conversation, exemplification | |
| C6. Software Development Lifecycle and DevSecOps maturity modelPlanning, analysis, design, implementation, testing & integration, maintenanceA dive into the 17 sub-dimensions of DevSecOps OWASP Maturity Model | Lecture, conversation, exemplification | |
| C7. Static Component AnalysisStatic Application SecurityWorking with SonarQubeDynamic Application Security | Lecture, conversation, exemplification | |
| C8. Infrastructure as a Code introductionIntroduction to TerraformCreating a DevSecOps infrastructure using TerraformConfigure self-hosted GitHub runners | Lecture, conversation, exemplification | |
| C9. Infrastructure as a Code securityCodified security - how to write secure infrastructure as a code template, before deploymentHow to work with 3rd party solutions for IaC SecurityTreating vulnerabilities identified by IaC Security tools | Lecture, conversation, exemplification | |
| C10. Monitoring and MeasurementInstallation & administration of Grafana and Prometheus.Monitoring configurationPushing MetricsQuerying dataSetting up AlertsUse cases | Lecture, conversation, exemplification | |
| C11. Security through LogsWorking with SplunkDeployment of Splunk Universal ForwardersConfiguration of Splunk agentsConfiguration of Splunk indexesCreating Splunk queries and reportsSplunk architecture review | Lecture, conversation, exemplification | |
| C12. Secure application developmentDevelop a secure application and submit it to a DevSecOps pipelinePython programming languageFlask API frameworkMySQL databaseREST API architectureLogging your application | Lecture, conversation, exemplification | |
| C13. Planning and designingPlanning tasks and project tasks using JiraUse cases for JiraInstallation and configuration of JiraJira terminologiesWorking with Jira ProjectsUsing subtasksLink issuesPlatform interaction | Lecture, conversation, exemplification | |
| C14. Wrap Up & Final Projects ReviewReal-world Case StudiesFinal projects presentation & review | Lecture, conversation, exemplification |
Course bibliography
Bibliography:
Seminar content
| Content | Methods | Obs |
|---|---|---|
| L1. Settings up a local development environment using Visual Studio CodeInstalling Visual Studio Code extensionsCreating Github account and linking with VSCCreate a project, submit commits, resolve an issue and close Pull Request | Slide deck, conversation, learning together, practical hands-on. | |
| L2. More Git commands (merge, stash, revert, etc.)Develop a continuous integration pipeline for a template applicationDevelop a continuous deployment pipeline for a template application | Slide deck, conversation, learning together, practical hands-on. | |
| L3. Develop a testing suite for a template applicationRun multiple testing strategiesAnalyze testing reports and solve multiple tasks | Slide deck, conversation, learning together, practical hands-on. | |
| L4. Dockerize a template applicationWrite a base imageCreate a docker-compose deployment file, using 2 custom and 1 existing imageUsing docker-compose networking and persistent volumes | Slide deck, conversation, learning together, practical hands-on. | |
| L5. Analyze a Kubernetes master components: Kube-apiserverEtcdKube-schedulerkube-controller-managerUnderstanding kubernetes nodes: KubeletKube-proxy container runtimeWorking with Kubernetes Addons:web ui, container resource monitoring, cluster-level loggingDeploy a Dockerized application Kubernetes.Deploy a Kubernetes deploymentWorking with Kubernetes services | Slide deck, conversation, learning together, practical hands-on. | |
| L6. Review-Dockerize a template applicationConvert docker-compose to Kubernetes deploymentFix potential Kubernetes bugsRunning an end-to-end deployment, together with automated code testing | Slide deck, conversation, learning together, practical hands-on. | |
| L7. Scanning external libraries in a template project. Removing potential security vulnerabilities from the projectConfiguring SAST for a template project. Configure DAST for a template project.Automate the process using DevSecOps CI/CD pipelines | Slide deck, conversation, learning together, practical hands-on. | |
| L8. Installing Terraform SDKWriting Terraform templatesDeploy Terraform infrastructure Update your configuration with more resourcesTerraform Providers, Functions, Variables and Resource creation | Slide deck, conversation, learning together, practical hands-on. | |
| L9. Test Terraform files for security vulnerabilities in VSCTest TF files for security vulnerabilities in the build pipelineRunning Enterprise level solutions for testing your infrastructure as a code deploymentWorking with security vulnerabilities reports | Slide deck, conversation, learning together, practical hands-on. | |
| L10. Installing and administration of Grafana and PrometheusConfiguring solutionsPushing metrics, query data, set up alertsCreating custom dashboards | Slide deck, conversation, learning together, practical hands-on. | |
| L11. Installation of SplunkCreating Splunk ForwardersSplunk administrationConfiguration of Splunk AgentsCreating Splunk queriesRunning automatic Splunk reportsSplunk custom DashboardsSplunk applications | Slide deck, conversation, learning together, practical hands-on. | |
| L12. DevSecOps implementation, P1Create a Python application using Flask framework.Create Github repositoryDevelop Dockerfile and Kubernetes deploymentRun locally | Slide deck, conversation, learning together, practical hands-on. | |
| L.13 DevSecOps implementation, P2Create testing suiteAutomatically run tests when a new push is committedAutomatically push deployment to a Kubernetes cluster (locally / cloud) | Slide deck, conversation, learning together, practical hands-on. | |
| L.14 DevSecOps implementation, P3Implement application monitoring logging solution and save data in SplunkVisualize infrastructure logs in a separate deployment of Grafana and Prometheus | Slide deck, conversation, learning together, practical hands-on. | |
| Bibliography: |
Seminar bibliography
Class contents correspond to the curricula of other universities, from inside the country or from the European Union. The practical contents (laboratory works) correspond to the local labor market requirements. /Conținutul disciplinei corespunde curriculei din alte centre universitare, din țară sau Uniunea Europeană. Conținuturile practice (lucrări de laborator) corespund cerințelor de pe piața muncii locală. The content is in line with the structure of similar courses at other universities and covers aspects necessary for familiarization to DevSecOps principles and relevant cybersecurity mechanism during application development lifecycle. The ability to understand modern application development lifecycle is a main component of developing a career in Cybersecurity as a specialized DevSecOps engineer. Once this course is passed, the candidate will possess highly specialized knowledge regarding DevSecOps.
Corroboration
(none)
AI tools guidance
Evaluation and delivery
| Activity | Criteria | Methods | Percentage |
|---|---|---|---|
| C |
|
|
|
| S |
|
|
|
| S |
|
|
|
Performance standards
Basic Dev(Sec)Ops concepts, successfully operate some of the tools presented in the course, e.g. docker cli, kubectl / kubernetes clis / ui-s, splunk, grafana, git cli / web ui
Additional info
-