CommandStack
Training: From Zero→Hero
Advanced Track · Enterprise Security Pipeline

7‑Week DevSecOps Bootcamp

Build a secure CI/CD for a micro‑services Student Portal with SAST, SCA, IaC scanning, container scanning, DAST, SBOMs, OPA policies, image & artifact signing, runtime detection, and compliance mapping — shipped to cloud with dashboards and gates.

Cadence: 4 days/week, 4 hrs/day · 112 hrs total
Capstone: Secure CI/CD · 3 services + vuln apps
Controls: Policy gates · CVSS > 7 blocked
Reporting: Dashboards · Risk trends & SBOMs

Toolchain you’ll master

  • GitHub Actions
  • Vault / GitHub Secrets
  • Gitleaks
  • SonarQube / ESLint / Bandit
  • OWASP Dependency‑Check / npm audit
  • Docker (distroless)
  • Trivy (image/IaC)
  • Checkov / tfsec
  • OPA / Conftest
  • Cosign (sign/verify)
  • ZAP (DAST)
  • Syft / Grype (SBOM)
  • Falco (runtime)
  • OpenTelemetry
  • Grafana Dashboards
  • Juice Shop / DVWA

Pipelines simulate enterprise controls on lightweight services for maximum realism without heavy infra.

Who is this for?

DevOps/SRE/Platform engineers ready to layer security into delivery. Expect policy‑driven pipelines, code reviews, and audits.

  • Comfortable with Git & CI basics
  • Some Docker/Terraform experience helps
  • Strong desire to automate compliance

Outcomes

  • Repo hardening (branch rules, signed commits)
  • Secrets management with Vault/GitHub
  • SAST, SCA, IaC, container scans in CI
  • DAST & API fuzzing against staging
  • Cosign‑signed images & artifacts
  • SBOM generation + Grype analysis
  • OPA/Conftest policy gates (CVSS > 7)
  • Falco runtime detection + alerts
  • Compliance mapping to SOC2/ISO/HIPAA

Curriculum at a Glance (7 Weeks)

Week 1 — Foundations & SAST

  • Threat modeling (STRIDE), repo setup
  • CI bootstrap + branch rules, signed commits
  • Secrets: Vault/GitHub; Gitleaks scan
  • SAST: SonarQube/ESLint/Bandit — fix criticals

Week 2 — SCA & Containers

  • Dependency‑Check + npm audit w/ suppressions
  • Trivy image scans; patch base images
  • Distroless multi‑stage Dockerfiles
  • Cosign: sign & verify images in CI

Week 3 — IaC Security & Policies

  • tfsec/Checkov for Terraform
  • OPA/Conftest: block 0.0.0.0/0; enforce tags
  • Assemble CI stages: Build→Test→SAST→SCA→IaC
  • Dashboards for scan results

Week 4 — DAST, Fuzzing & Runtime

  • OWASP ZAP baseline + auth scans
  • REST API fuzzing (upload endpoint)
  • Falco runtime detection + custom rules
  • OpenTelemetry metrics & alerts

Week 5 — Cloud Security & Supply Chain

  • IAM least‑privilege review for services
  • SBOMs via Syft; analyze with Grype
  • Cosign provenance; verify in pipeline
  • Risk reporting & remediation plan

Week 6 — Governance, Gates & Chaos

  • Map controls to SOC2/ISO/HIPAA
  • Pipeline gate: block CVSS > 7
  • Chaos: simulate node compromise; response
  • Executive dashboard for stakeholders

Week 7 — Capstone & Defense

  • Full pipeline: Build→Test→SAST→SCA→IaC→Scan→DAST→Deploy
  • Staging→Prod run with rollback plan
  • Final security assessment + SBOMs
  • Capstone defense & architecture review

Capstone — Secure Delivery, End‑to‑End

Three micro‑services (Auth, Courses, Assignments) + vulnerable apps (Juice Shop/DVWA) to exercise scans and gates. Everything signed, scanned, and observed.

Cosign‑signed Images · OPA Policy Gates · ZAP DAST · SBOMs (Syft) · Falco Rules

Daily Flow (4 hrs)

  • Kick‑off & goal (15m)
  • Concepts + live demo (90m)
  • Break (15m)
  • Guided lab/project (90m)
  • Debrief & verification (30m)

Everything built live — no homework required.

Upcoming Cohort

Duration: 7 weeks · Schedule: 4 days/week × 4 hrs/day (Evenings, America/Chicago)
Exact start date/time will be finalized with the batch.

Format: Live online, recordings provided. Strict daily labs. Weekly milestones.

Tuition

$300 per seat

Early‑bird and group pricing available. Limited seats to maintain quality.

Speak to admissions for EMI plans & scholarships.

Admissions & Placement Support

  • Pre‑work + baseline assessment
  • 1:1 resume + LinkedIn revamp
  • Interview prep & mock panels
  • Portfolio review and live demo coaching

Ready to secure delivery?

Apply now to reserve your seat. Include your background and goals—expect a short call to confirm fit.

Company team? Ask about a private cohort tailored to your governance needs.