SHIP-HATS Advanced for DevSecOps Engineers

Join SHIP-HATS Waitlist for updates
Enquiry
Programme Code D292
Domain
Applications Development
Level
Foundation
Learning Partner(s)
GovTech
Duration
1 Day
Format In-person
Rating
Competencies
DevOps Methodologies
Job Roles
Software Engineer DevOps Engineer Solutions Architect Systems Engineer

Overview

Elevate your skills with the Advanced SHIP-HATS Training, tailored for DevSecOps engineers seeking to master secure, scalable software delivery pipelines. Focused on an "Everything as Code" philosophy, this hands-on course empowers you to leverage SHIP-HATS End-to-End (e2e) templates for CI/CD, infrastructure as code, compliance, and secure application development.

Discover advanced SHIP-HATS architecture concepts, from secure access control to GitLab runners and private link endpoints. Gain expertise in implementing automated testing, application security, license risk mitigation, and compliance integration through real-world scenarios.

Explore the latest AI-powered tools, including chatbots and copilots, to boost coding efficiency and security. Dive into forward-looking practices like GCC+ standards, SLSA frameworks, and self-service techniques using robust documentation and chatbots. Through engaging hands-on exercises, build and deploy a Python web application, integrate security tools, and apply compliance frameworks. Get ready to accelerate delivery timelines while ensuring top-notch security and quality.

Key Takeaways

At the end of this programme, you will be able to:

  • Gain hands-on experience with SHIP-HATS End-to-End (e2e) templates for CI/CD, infrastructure as code, and project management as code, understanding the design rationale behind these templates
  • Build and deploy a Python web application with compliance frameworks integrated into pipelines
  • Understand and implement compliance frameworks, including applying webapp-compliance to example pipelines
  •  Ensure secure and scalable solutions, explore architecture concepts, including AWS VPC Endpoint, private link configurations, runners, and GitLab groups
  • Enhance pipeline quality using automated testing, license risk management, application security, and compliance monitoring
  • Utilise frameworks like SLSA to secure the software supply chain and ensure artifact integrity
  • Explore AI-powered tools such as chatbots and copilots to optimise code execution and security practices
  • Stay informed about upcoming capabilities, such as GCC+ integration in SHIP-HATS and to prepare for future advancements

Who Should Attend

  • Please refer to the job roles section.

Prerequisites

  • This is an intensive programme to learn how to adopt SHIP-HATS. It is highly relevant to engineers looking to expand their skills to use advance SHIP-HATS.
  • You must have prior working experience or knowledge in SHIP-HATS, DevOps, setting up and running CI/CD pipelines, and GitLab platform.
  • New to SHIP-HATS? We recommend the SHIP-HATS Fundamentals for DevSecOps Engineers to build a strong foundation in SHIP-HATS before attending this programme.

This programme will cover the following topics:

Recap of DevSecOps:

  • DevSecOps concepts overview
  • Recap of SHIP-HATS features

DevSecOps Maturity and Value Stream Implementation:

  • Purpose: Streamline and secure business delivery processes using dashboards and metrics
  • Key Topics:
    • Dora Metrics and Value Stream Alignment
    • GitLab Value Stream Analytics
    • Tools: GitLab Dashboard, CodeScape Dashboard, Security Dashboard, DevSecOps Maturity Report
  • Hands-On Activities:
    • Improve an existing pipeline (e.g., bottleneck tracking, caching, parallelisation)
    • Optimise delivery efficiency through value stream analysis

Compliance Alignment and Integration:

  • Purpose:
    • Emphasise the importance of integrating compliance into DevSecOps workflows
    • Implementing compliance frameworks within their pipelines using GitLab
  • Key Topics:
    • Continuous Compliance Workflow: Checkpoints → CI/CD Integration (e.g., IM8, GovTech Compliance Framework)
    • SLSA and other frameworks
  • Hands-On Activities:
    • Set CF Level and monitor differences
    • Q&A for user-specific queries

Dive into Templates:

  • Purpose: Understand, find, and develop templates for DevSecOps workflows
  • Key Topics:
    • Templates concepts, syntax, and examples
  • Hands-On Activities:
    • Search, integrate, and read templates
    • Trace variable definitions and jobs within templates
    • Optional: Develop and publish a custom template

Managing and Resolving Security Issues:

  • Purpose: Equip participants to interpret and resolve security vulnerabilities effectively
  • Key Topics:
    • Security Essentials
    • Tools and benchmarks for effective security management
  • Hands-On Activities:
    • Interpret SAST and SCA results
    • Prioritise and remediate security issues
    • Optional: Discuss participants’ security management experiences

Configurations and Hardening:

  • Purpose: Optimise GitLab Runners for security, scalability, and integration
  • Key Topics:
    • Hardening Images
    • User accounts, permissions, and tokens
  • Resources:
    • GitLab Runners documentation

The Impact of AI on DevSecOps:

  • Purpose: Leverage AI for automation, predictive analytics, and threat detection
  • Key Topics:
    • Gen-AI Coding Assistants in DevSecOps
    • AI Tools: GitLab Duo, Hivemind, AIOps, and LLMOps
  • Optional Discussion:
    • AI safeguards and red teaming practices

Q&A and Open Discussions:

  • Wrap-up session with time for participant queries
Complimentary.

Upcoming Classes

Class 1
11 Mar 2025 to 11 Mar 2025 (Full Time)
Duration: 1 day
When: Mar - 11
Time : 9:00am - 6:00pm
Class 2
15 Apr 2025 to 15 Apr 2025 (Full Time)
Duration: 1 day
When: Apr - 15
Time : 9:00am - 6:00pm
Class 3
22 Apr 2025 to 22 Apr 2025 (Full Time)
Duration: 1 day
When: Apr - 22
Time : 9:00am - 6:00pm
Class 4
15 May 2025 to 15 May 2025 (Full Time)
Duration: 1 day
When: May - 15
Time : 9:00am - 6:00pm

1. For GovTechies:

Please register via Workday.

2. For Other WOG officers:

Please obtain necessary approvals from your agency’s internal training request/HR system. Do share this Agency-Sponsored Registration Form with your relevant HR/L&D colleague. Upon completion of details, attach the file to submit via FormSG. Learn more about DA’s registration for WOG public service officers.

3. For Vendors Appointed by Government Agencies:

Please engage your Government Agency's Subscription Admin (SA) to fill in the Vendor Registration Form. Upon completion of details, please attach the file and submit via Form.sg. Do note that direct submissions by Vendors will not be accepted.

Discover more

programmes for you

Not sure where to start?
Our DA  Upskilling Guide maps
programmes to your job role.

Browse