This document provides an introduction to DevOps. It discusses what DevOps is, including continuous integration and continuous delivery pipelines. It describes the duties of a DevOps engineer, such as developing solutions for continuous delivery, infrastructure strategy, security, and more. It also covers topics like what is included in a CI/CD pipeline, securing a CI/CD pipeline, and common DevOps tools and technologies.

1. INTRO TO DEVOPS
@shawkyz1
@shawkyz

2. ABOUT ME
• Built multiple CI/CD Pipelines for businesses with different needs.
• Lived/Worked 4 Years in Germany and now I’m back to ‫الوطن‬ ‫أرض‬
• A Software Engineer at day, a Hacker by night.
• Love to automate everything.
• In love with Security and an OSCP Holder.
• Technical Consultant @S3Geeks
• Security and Systems Engineer @FuturaSolutionsGmbH

3. DEVOPS IN A NUTSHELL
• Problem: How do we get changes in production as fast as
possible?

4. WHAT IS AGILE

5. • Planning and requirements.
• Architecture and design.
• Test planning.
• Coding.
• Testing and results.
• Release and maintenance.
SDLC PHASES

6. WHAT IS A CI/CD PIPELINE

7. • The developer writes code and checks into distributed code versioning system like
Git/Bitbucket
• The check-in of code triggers the build in the CI server
• The CI server creates deploy-able artefacts for testing (EAR, WAR, JAR, Docker
images, binaries ) for testing
• Unit tests, Functional tests and System tests are done on the new build and issues
are reported
• Security and penetration testing are done on Production ready model.
• Continuous Integration can also help to set up your production environment
• If the build or tests fail, the CI server alerts the team through, Slack channels, Hip
Chat, Email
DEVOPS IN A NUTSHELL

8. DEVOPS ENGINEER DUTIES
• Understand the needs and challenges of a client across operations and development, and partner to formulate solutions
that support their business and technical strategies and goals
• Develop solutions encompassing technology, process and people for:
• Continuous Delivery
• Infrastructure strategy & operations (including cloud)
• Build and release management
• Basic understanding of Networking
• Security (fair understanding of application and infrastructure security)
• Recommend and Implement solutions. Be totally hands-on and have the ability to work independently
• Ensure delivery of exceptional technical solutions
• Maintain strong expertise and knowledge of current and emerging processes, techniques and tools
• Build the DevOps practice within ThoughtWorks and drive our thought-leadership externally
• Identifies and resolves problems in a timely manner
• Design, build and maintain the CI/CD infrastructure and tools to deliver Horizon Cloud Service
• Work closely with development teams to ensure that solutions are designed with customer user experience,
scale/performance and operability in mind

9. WHAT IS A CI/CD PIPELINE
 Developer commits changes to the source code repository
 Build server executes the master build script, or delegates execution to another server
» Checks out source code
» Builds executable version of the application
» Runs other jobs, such as testing and code inspection
 Team is notified of build results through a feedback mechanism
» If alerts are generated, the team takes immediate action to correct problems
» If a code fix is needed, developer commits the corrected code back to the repository; this
action kicks off a new build cycle.

10. ARCHITECTURE OF A CI BUILD SYSTEM
Definition: CI is the practice of regular, comprehensive, and automatic building
and testing of applications in software development.
Source: NASA IT Summit 2010

11. WHICH PLATFORM SHOULD I USE
Source: https://stackify.com/jenkins-teamcity-bamboo/

14. -‫ال‬ ‫ان‬ ‫بالك‬ ‫اخدت‬ ‫حضرتك‬deployment‫شغالة؟‬ ‫مش‬
-‫انت‬ ‫ال‬‫مبتعرفش‬‫تتكلم‬
‫ال‬ ‫كاتب‬ ‫اللي‬ ‫انا‬CI/CD Pipeline‫عبقري‬ ‫كنت‬ ‫و‬
‫ايه‬‫تاني‬‫؟؟‬

15. SECURE YOUR CI/CD
• Code Analysis. Analyze code for application specific vulnerabilities.
• Container Hardening. Remove unneeded libraries and packages; restrict functions.
• Image Scanning. Scan images for vulnerabilities at build; regularly in registries.
• Image Signing, e.g. Content Trust. Ensure trust with signing and author / publisher verification.
• User Access Controls, e.g. Registries. Restrict and monitor access to trusted registries and deployment
tools.
• Host and Kernel Security. Use SECCOMP, AppArmor, or SELinux or equivalent host security settings.
• Access Controls. Enable restricted access to system and Docker daemon.
• Auditing, e.g. Docker Bench. Perform security audit using Docker CIS benchmark.

16. SECURE YOUR CI/CD
• Network Inspection & Visualization. Inspect all container to container connections and build
visualization for application stack behavior.
• Threat Detection. Monitor applications for DDoS, DNS attacks and other network based application
attacks.
• Host & Container Privilege Escalation Detection. Detect privilege escalations on hosts and containers to
predict break outs and attacks.
• Packet Capture & Event Logging. Capture packets and event logs to enable forensics.

17. BUZZWORDS
• Containers
• Kubernetes
• Nagios and Monitoring
• ELK Stack

18. MONITORING

19. MONITORING

20. FOLLOW ME?
@shawkyz1
@shawkyz
@shawkyz1
https://shawkyz.info abdelrhmanshawky4@gmail.com