Event Overview
This half-day hands-on workshop, delivered by The SamurAI's DevSecOps engineering team, walks participants through implementing automated security controls in modern CI/CD pipelines. Participants will work through real-world scenarios using GitHub Actions, Terraform, and open-source security scanning tools.
Lab Exercises
- Secrets Detection — Configure pre-commit hooks and CI checks that prevent credential leaks before they reach version control
- Container Security — Build a pipeline stage that scans Docker images for vulnerabilities and blocks deployment of non-compliant images
- Infrastructure-as-Code Policy — Write and enforce OPA/Rego policies that prevent common cloud misconfigurations in Terraform
- SAST Integration — Add static analysis to pull request workflows with automated code review comments
Prerequisites
- Basic familiarity with Git, GitHub, and CI/CD concepts
- A laptop with Docker and a code editor installed
- A free GitHub account (repositories will be provided)
Details
- Format: In-person or virtual hands-on workshop
- Duration: 4 hours
- Group size: Maximum 20 participants
Contact The SamurAI to schedule this workshop for your engineering team. Custom lab scenarios aligned to your specific technology stack are available upon request.
