Training Module

SDLC Security

Learn how to embed security gates across your software development lifecycle — from commit hooks to production deploy policies. Make security a structural part of how your team works.

Pipeline stages

  • commit: pre-commit hook
  • PR open: SAST scan
  • build: deps check
  • deploy: policy gate ✓

Curriculum

What you'll learn

1. Security as a structural property of your pipeline

Why ad-hoc security reviews don't scale, and how embedding security checks into your pipeline makes security a consistent property rather than a periodic activity.

2. Pre-commit hooks and local developer checks

Setting up pre-commit hooks to catch secrets in code, linting security anti-patterns, and running quick dependency checks before code is even committed.

3. CI/CD scan policies — SAST and SCA integration

How to add SAST (Static Application Security Testing) and SCA (Software Composition Analysis) to your CI pipeline. Configuring severity thresholds that make sense for your team's risk appetite.

4. Policy-as-code with SafeStack gates

Defining security policy in code — what should fail a build, what should warn, what should be reported. Keeping policy in version control alongside the code it governs.

5. Security definition-of-done

How to build a security checklist into your team's definition of done for every feature — a lightweight set of questions every engineer can answer before marking a ticket complete.

6. Measuring and improving security posture over time

Using team dashboard data to track vulnerability trends, measure the impact of training, and identify the vulnerability classes your team encounters most — so you can close those gaps.

Who It's For

For engineers owning the CI/CD pipeline

This module is designed for the engineers who own your build and deploy pipeline — DevOps engineers, platform teams, and tech leads who want security gates that actually work.

  • DevOps and platform engineers
  • Tech leads responsible for pipeline architecture
  • Engineering managers implementing security engineering standards

Prerequisites

Basic CI/CD familiarity

You should have basic familiarity with at least one CI/CD system (GitHub Actions, GitLab CI, CircleCI). No prior security knowledge required.

Example configurations are provided for GitHub Actions and GitLab CI — both adaptable to other CI systems.

The module includes all pipeline configuration examples. Individual access is free.