advanced
DevSecOps Guardrails
You will wire SAST/DAST hooks, container image scanning, and dependency policies into CI, with exception workflows that both security and development teams accept.
Logistics
4 weeks · 5h/week · Cohort · ¥132,000 JPY (informational)
Included focus areas
- Secrets scanning with revocation playbooks
- Introduction to container image signing
- SBOM generation and storage hygiene
- Policy exceptions with expiry dates
- Threat modeling prompts for new services
- Secure defaults for Terraform modules
- Audit-friendly evidence packaging
Outcomes
- Publish a guardrail matrix mapped to CI stages.
- Run a tabletop on a leaked token scenario.
- Propose two quick wins for your current backlog.
Responsible instructor
Ren Kobayashi
Application security advisor for cloud-native teams.
FAQ
Pen testing?
We discuss coordination with external testers but do not perform live pen tests in class.
Compliance mapping?
We reference ISO 27001-style controls at a high level only.
Limitation?
Mobile app-specific tooling is out of scope.
Experience notes
“Exception workflow template stopped our ‘just disable the check’ habit.”