Course Architecture Changes

docs/course/Topic-1-Software-Dev-and-DevSecOps/chapter-1-SDLC/index.md

@@ -0,0 +1,11 @@
+---
+title: Chapter 1 - Introduction to SDLC
+layout: custom
+parent: Topic 1 - Introduction to SDLC and DevSecOps
+has_children: false
+has_toc: false
+nav_order: 1
+---
+
+# Chapter 1 - Introduction to SDLC
+## What is the Software Development Lifecycle (SDLC)?

docs/course/Topic-1-Software-Dev-and-DevSecOps/chapter-2-version-control/index.md

@@ -0,0 +1,38 @@
+---
+title: Chapter 2 - Version Control 
+layout: custom
+parent: Topic 1 - Introduction to SDLC and DevSecOps
+has_children: false
+has_toc: false
+nav_order: 2
+---
+
+# Chapter 1 - Introduction to Version Control
+## What is version control?
+Version control is **a system that records changes to a file or set of files over time** so that you can recall specific versions later. It's a critical tool in modern software development, allowing developers to work collaboratively, track every modification, and revert to previous states if necessary.
+
+> **Example Scenario**
+>
+> Armine and Tigran are part of a software development team tasked with creating a new mobile application. Armine is tasked with refining the user authentication system, while Tigran is implementing an innovative feature that allows users to share media within the app.
+>
+> **Without Version Control**: If Armine and Tigran are editing the same file, Tigran's latest upload could accidentally overwrite the changes Armine made, resulting in a loss of progress and potential conflicts in the code.
+>
+> **With Version Control**: Armine and Tigran can work on their updates concurrently without the risk of interfering with each other's contributions. Here's how it unfolds:
+>
+> - Independently, they make their changes and commit their updates to the version control system, each creating a new version in the repository.
+>
+> - The version control system alerts them to the presence of new, separate updates, signaling that a merge of changes is necessary.
+>
+> - Together, they examine the differences, carefully integrate their respective code changes, and commit the unified version to the repository.
+>
+> - Should an issue arise with the authentication update, Armine can revert her portion of the code to a previous state without disrupting Tigran's feature, thanks to the version history maintained by the system.
+
+A common tool for version control is GitHub. GitHub allows you acts as a central hub for all of the different versions of your code, kind of how in google docs you can see the history of your changes. Though there are many different systems for version control, we will be learning using GitHubs features. The syntax and user interface of different products are different, but the core elements are the same. 
+
+### References 
+<details>
+  <summary>Expand</summary>
+    <b>1.</b> Atlassian. “What Is Version Control: Atlassian Git Tutorial.” <i>Atlassian</i>, <a href="https://www.atlassian.com/git/tutorials/what-is-version-control" target="_blank">www.atlassian.com/git/tutorials/what-is-version-control</a>. Accessed 15 Apr. 2024.<br>
+    <b>2.</b> “1.1 Getting Started - about Version Control.” <i>Git</i>, <a href="https://git-scm.com/book/en/v2/Getting-Started-About-Version-Control" target="_blank">git-scm.com/book/en/v2/Getting-Started-About-Version-Control</a>. Accessed 15 Apr. 2024.<br>
+    <b>3.</b> “What Is Version Control?” <i>GitLab</i>, GitLab, 4 Apr. 2023, <a href="https://about.gitlab.com/topics/version-control/" target="_blank">about.gitlab.com/topics/version-control/</a>.<br>
+</details>

docs/course/topic-2-DevOps/chapter-1-intro-to-devops/index.md → docs/course/Topic-1-Software-Dev-and-DevSecOps/chapter-3-intro-to-devOps/index.md

@@ -1,10 +1,10 @@
 ---
-title: Chapter 1 - Intro to DevOps
+title: Chapter 3 - Intro to DevOps
 layout: custom
-parent: Topic 2 - DevOps
+parent: Topic 1 - Introduction to SDLC and DevSecOps
 has_children: false
 has_toc: false
-nav_order: 1
+nav_order: 3
 ---
 # Introduction to DevOps
 ## Problem Space

docs/course/Topic-1-Software-Dev-and-DevSecOps/chapter-4-intro-to-cicd/index.md

@@ -0,0 +1,124 @@
+---
+title: Chapter 4 - Intro to CI/CD
+layout: custom
+parent: Topic 1 - Introduction to SDLC and DevSecOps
+has_children: false
+has_toc: false
+nav_order: 4
+---
+
+# Introduction to CI/CD
+<p>CI/CD, short for <strong>Continuous Integration and Continuous Delivery</strong>, is a part of the DevOps process. “It is a collection of principles and practices designed to help development teams ensure the reliable delivery of frequent code changes.”</p>
+
+<div style="text-align: center;">
+    <img src="https://www.mindtheproduct.com/wp-content/uploads/2015/12/409-images-for-snap-blog-postedit_image3-auto.png" alt="CI/CD Lifecycle" style="max-width: 50%; height: auto; margin: 0 auto;">
+    <p><em>Source: <a href="http://www.mindtheproduct.com/what-the-hell-are-ci-cd-and-devops-a-cheatsheet-for-the-rest-of-us/">Mind The Product</a></em></p>
+
+</div>
+
+## DevOps vs. CI/CD
+<!-- 
+<style>
+  table {
+    width: 100%;
+    border-collapse: collapse;
+    border: 1px solid #ddd;
+    margin-bottom: 20px;
+  }
+  th, td {
+    padding: 15px;
+    text-align: left;
+    border-bottom: 1px solid #ddd;
+    border-right: 1px solid #ddd;
+  }
+  th {
+    background-color: #333;
+    color: #fff;
+  }
+  th:last-child,
+  td:last-child {
+    border-right: none;
+  }
+  ul {
+    list-style-type: disc;
+    margin-top: 0;
+    padding-left: 20px; /* Adjusted padding for the bullets */
+  }
+  ul li {
+    margin-bottom: 5px;
+  }
+</style>
+-->
+<table>
+  <tr>
+    <th>Category</th>
+    <th>DevOps</th>
+    <th>CI</th>
+    <th>CD</th>
+  </tr>
+  <tr>
+    <td><strong>Purpose</strong></td>
+    <td>Facilitate collaboration and efficiency across the development lifecycle.</td>
+    <td>Automate testing to ensure code compatibility.</td>
+    <td>Automate deployment for seamless software releases.</td>
+  </tr>
+  <tr>
+    <td><strong>Methods</strong></td>
+    <td>
+      <ul>
+        <li>Implement automation to streamline collaboration between development and operations teams.</li>
+        <li>Use infrastructure as code (IaC) to provision and manage infrastructure.</li>
+        <li>Integrate continuous feedback loops to gather insights from stakeholders and improve processes iteratively.</li>
+      </ul>
+    </td>
+    <td>
+      <ul>
+        <li>Automate the build and testing process for every code change.</li>
+        <li>Identify integration issues early in the development lifecycle.</li>
+        <li>Support the principle of "fail fast" by providing rapid feedback to developers.</li>
+      </ul>
+    </td>
+    <td>
+      <ul>
+        <li>Encompass both Continuous Integration and Continuous Deployment.</li>
+        <li>Automate the deployment process to production environments.</li>
+        <li>Enable organizations to release software updates quickly and reliably while minimizing risks.</li>
+      </ul>
+    </td>
+  </tr>
+  <tr>
+    <td><strong>Key Benefits</strong></td>
+    <td>
+      <ul>
+        <li>Promotes a culture of shared responsibility and accountability.</li>
+        <li>Emphasizes the importance of automating repetitive tasks to reduce manual errors and increase efficiency.</li>
+        <li>Focuses on delivering value to customers through rapid and iterative development cycles.</li>
+      </ul>
+    </td>
+    <td>
+      <ul>
+        <li>Increases code quality by identifying issues early in the development process.</li>
+        <li>Speeds up the development cycle by automating build and testing processes.</li>
+        <li>Enables rapid feedback to developers for quick iterations.</li>
+      </ul>
+    </td>
+    <td>
+      <ul>
+        <li>Accelerates time to market by automating deployment processes.</li>
+        <li>Minimizes risks associated with manual deployments.</li>
+        <li>Enhances overall software reliability and stability.</li>
+      </ul>
+    </td>
+  </tr>
+</table>
+
+### References 
+<details>
+  <Summary>Expand</Summary>
+    <b>1.</b> Ashtari, Hossein et al. “Key Differences between CI/CD and DevOps.” <i>Spiceworks</i>, <a href="http://www.spiceworks.com/tech/devops/articles/cicd-vs-devops/" target="_blank">www.spiceworks.com/tech/devops/articles/cicd-vs-devops/</a>. Accessed 20 Feb. 2024.<br>
+    <b>2.</b> Ferringer, Megan. “Here’s the Difference between CI/CD and Devops-and How They Work Together to Drive Innovation.” <i>Navisite</i>, 2 Mar. 2023, <a href="http://www.navisite.com/blog/insights/ci-cd-vs-devops/" target="_blank">www.navisite.com/blog/insights/ci-cd-vs-devops/</a>.<br>
+    <b>3.</b> “What the Hell Are CI/CD and DevOps? A Cheatsheet for the Rest of Us.” <i>Mind the Product</i>, <a href="http://www.mindtheproduct.com/what-the-hell-are-ci-cd-and-devops-a-cheatsheet-for-the-rest-of-us/" target="_blank">www.mindtheproduct.com/what-the-hell-are-ci-cd-and-devops-a-cheatsheet-for-the-rest-of-us/</a>. Accessed 20 Feb. 2024.<br>
+    <b>4.</b> “The IDEAL & Practical CI / CD Pipeline - Concepts Overview.” <i>YouTube</i>, 17 Feb. 2022, <a href="https://www.youtube.com/watch?v=OPwU3UWCxhw" target="_blank">www.youtube.com/watch?v=OPwU3UWCxhw</a>.<br>
+    <b>5.</b> Morg, Brad. “How to Design a Modern CI/CD Pipeline.” <i>YouTube</i>, 17 Oct. 2023, <a href="https://www.youtube.com/watch?v=KnSBNd3b0qI" target="_blank">www.youtube.com/watch?v=KnSBNd3b0qI</a>.<br>
+    <b>6.</b> Morg, Brad. “How to Design a Deployment Pipeline (GitOps).” <i>YouTube</i>, 30 Oct. 2023, <a href="https://www.youtube.com/watch?v=pJ9f7w4AxtU" target="_blank">www.youtube.com/watch?v=pJ9f7w4AxtU</a>.<br>
+</details>

docs/course/Topic-1-Software-Dev-and-DevSecOps/chapter-5-intro-to-devsecops/index.md

@@ -0,0 +1,104 @@
+---
+title: Chapter 5 - Introduction to DevSecOps
+layout: custom
+parent: Topic 1 - Introduction to SDLC and DevSecOps
+has_children: false
+has_toc: false
+nav_order: 5
+---
+
+
+# Chapter 5 - Introduction to DevSecOps
+
+## Defining DevSecOps
+- Dev = Development
+- Sec = Security
+- Ops = Operations
+
+**DevSecOps is a methodology that integrates security practices within the DevOps process.** The main goal of DevSecOps is to embed security in every part of the development lifecycle, from initial design through integration, testing, deployment, and software delivery.
+
+Ok, now what? You just have to start integrating this into your coding practices? Actually yes, the whole reason this curriculum is applicable for every person working in IT is because it is best development practice to have a secure lifecycle throughout all of the processes IT goes through when developing a project.
+
+<div style="text-align: center;">
+    <img src="https://www.redhat.com/rhdc/managed-files/styles/wysiwyg_full_width/private/devsecops-linear-405x259.png?itok=XJ87HKrA" alt="DevSecOps" style="max-width:70%;height:auto;"/>
+    <p><em>Source: <a href="https://www.redhat.com/en/topics/devops/what-is-devsecops">Red Hat</a></em></p>
+</div>
+
+
+
+
+## Why Implement DevSecOps:
+
+**The Importance of Security in SDLC:**
+
+The software development lifecycle (SDLC) is a framework used to develop, deploy, and maintain software. A common problem in software development is that security related activities are deferred until the testing phase, which is late in the SDLC after most of the critical design and implementation has been completed. Missing a security related risk could be costly, set back progress, and go unnoticed causing room for further severe impact.
+
+**What is "Shift" Testing:**
+
+"Shift left" and "shift right" are terms that emphasize implementing security practices throughout the SDLC. By adopting shift left and shift right principles, teams are able to fix security flaws early on. They are meant to evaluate and ensure quality of the project by focusing on continuous testing methods.
+
+To **shift left** is to incorporate security testing as soon as possible to find vulnerabilities and fix defects as early as possible in development.
+
+To **shift right** is to monitor user behavior, usage, performance, and security metrics in the production stage to verify software operability.
+
+<p><em>Source: <a href="https://www.redhat.com/en/topics/devops/shift-left-vs-shift-right">Red Hat</a></em></p>
+
+
+
+
+## Tools and technologies:
+<!-- Infrastructure as Code Scanning -->
+<details><summary><b>Infrastructure as code scanning</b></summary>
+<p>
+
+<li> DevSecOps teams use open source tools like <b>Terraform</b> to manage and provision infrastructure like networks, virtual machines, and load balancers through code rather than doing it manually</li>
+
+<li> Terraform helps ensure that infrastructure is set up and updated consistently across hundreds or thousands of servers</li>
+
+<li> Infrastructure as a code scanning tools automatically check the infrastructure at the code level for noncompliance with security policies and standards</li>
+<p><em>Source: <a href="https://www.microsoft.com/en-us/security/business/security-101/what-is-devsecops">Microsoft</a></em></p>
+</p>
+</details>
+
+
+<!-- Dynamic and Static application security testing -->
+<details><summary><b>Dynamic and Static Application Security Testing</b></summary>
+<p>
+
+<li> Dynamic application security testing: This process of testing tests the methods a bad actor might use to attack an application. This testing occurs while the application is running and is based on predefined use cases.</li>
+
+<li> Static application security testing: Before their code compiles, DevSecOps developers begin testing their custom code for security vulnerabilities. Static application security testing tools make this process easier with automatic checks and real-time feedback, often specifying exactly where an vulnerability is</li>
+
+<li> </li>
+<p><em>Source: <a href="https://www.microsoft.com/en-us/security/business/security-101/what-is-devsecops">Microsoft</a></em></p>
+</p>
+</details>
+
+<!-- Container Scanning -->
+<details><summary><b>Container Scanning</b></summary>
+<p>
+
+<li> Container: A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another</li>
+
+<li>Containers are widely used in DevSecOps because they help developers easily deploy self-contained units of code</li>
+
+<li>Container Image: Within a container is a container image, which is a executable software bundle that runs processes for the container. These images are often built using existing images or pulled from public repositories.</li>
+
+<p><em>Source 1: <a href="https://www.docker.com/resources/what-container/">Docker</a></em></p>
+<p><em>Source 2: <a href="https://www.microsoft.com/en-us/security/business/security-101/what-is-devsecops">Microsoft</a></em></p>
+</p>
+</details> 
+
+
+
+
+### References
+
+**1.** “What is DevSecOps?” *Red Hat*, [https://www.redhat.com/en/topics/devops/what-is-devsecops](https://www.redhat.com/en/topics/devops/what-is-devsecops). Accessed 8 Apr. 2024.
+
+**2.** “What is DevSecOps?” *Microsoft*, [https://www.microsoft.com/en-us/security/business/security-101/what-is-devsecops](https://www.microsoft.com/en-us/security/business/security-101/what-is-devsecops). Accessed 8 Apr. 2024.
+
+**3.** “Use containers to Build, Share and Run your applications” *Docker*, [https://www.docker.com/resources/what-container/](https://www.docker.com/resources/what-container/). Accessed 8 Apr. 2024.
+
+**4.** “Shift left vs. shift right” *Red Hat*, [https://www.redhat.com/en/topics/devops/shift-left-vs-shift-right](https://www.redhat.com/en/topics/devops/shift-left-vs-shift-right). Accessed 8 Apr. 2024.
+

docs/course/Topic-1-Software-Dev-and-DevSecOps/index.md

@@ -0,0 +1,18 @@
+---
+title: Topic 1 - Introduction to SDLC and DevSecOps
+layout: custom
+parent: 
+has_children: true
+has_toc: false
+nav_order: 3
+---
+
+# Topic 1 - Introduction to the SDLC and DevSecOps
+
+| Chapter | Learning Objectives | Lab Description |
+|---------|---------------------|-----------------|
+| Chapter 1: Introduction to SDLC | - Define Software Development Lifecycle<br>- Understand the basics of SDLC methodologies<br>- Explore the benefits of using different methodologies<br> |  |
+| Chapter 2: Intro to Version Control | - Define version control<br>- Understand the basics of version control systems<br>- Explore the benefits of using version control<br>- Introduction to common version control tools|  |
+| Chapter 3: Introduction to DevOps | - Define  DevOps <br> |
+| Chapter 4: Introduction to CI/CD | - Establish effective documentation habits<br>- Discuss the importance of READMEs and wikis<br>- Explore best practices for inline code commenting |  
+| Chapter 4: Securing SDLC with DevSecOps | - Define DevSecOps<br> |  |

docs/course/Topic-1-Software-Dev-and-DevSecOps/review-and-knowledge-check/index.md

@@ -0,0 +1,9 @@
+---
+title: Topic Review and Knowledge Check
+layout: custom
+parent: Topic 1 - Introduction to SDLC and DevSecOps
+has_toc: false
+nav_order: 6
+---
+
+#  Topic Review and Knowledge Check

docs/course/topic-1-git/chapter-1-version-control/index.md → docs/course/Topic-2-Git/chapter-1-version-control/index.md

@@ -1,7 +1,7 @@
 ---
-title: Chapter 1 - Introduction to Version Control
+title: Chapter 1 - Version Control 
 layout: custom
-parent: Topic 1 - Git
+parent: Topic 2 - Git
 has_children: false
 has_toc: false
 nav_order: 1

docs/course/topic-1-git/chapter-2-understanding-git/index.md → docs/course/Topic-2-Git/chapter-2-understanding-git/index.md

@@ -1,7 +1,7 @@
 ---
 title: Chapter 2 - Git Fundamentals
 layout: custom
-parent: Topic 1 - Git
+parent: Topic 2 - Git
 has_toc: false
 has_children: false
 nav_order: 2

docs/course/topic-1-git/chapter-3-Intermediate-Concepts/index.md → docs/course/Topic-2-Git/chapter-3-Intermediate-Concepts/index.md

@@ -1,7 +1,7 @@
 ---
 title: Chapter 3 - Git Intermediate Concepts
 layout: custom
-parent: Topic 1 - Git
+parent: Topic 2 - Git
 has_children: true
 has_toc: false
 nav_order: 3

docs/course/topic-1-git/chapter-3-Intermediate-Concepts/lab/git-lab-1.md → docs/course/Topic-2-Git/chapter-3-Intermediate-Concepts/lab/git-lab-1.md

@@ -1,7 +1,7 @@
 ---
 layout: custom
 title: Lab 1. Version Control and Branching
-grand_parent: Topic 1 - Git
+grand_parent: Topic 2 - Git
 parent: Chapter 3 - Git Intermediate Concepts
 nav_order: 1
 ---

docs/course/topic-1-git/chapter-4-git-best-practices/index.md → docs/course/Topic-2-Git/chapter-4-git-best-practices/index.md

@@ -1,7 +1,7 @@
 ---
 title: Chapter 4 - Git Best Practices
 layout: custom
-parent: Topic 1 - Git
+parent: Topic 2 - Git
 has_toc: false
 nav_order: 4
 ---

docs/course/Topic-2-Git/chapter-5-advanced-git-techniques/index.md

@@ -0,0 +1,9 @@
+---
+title: Chapter 6 - Advanced Git Techniques
+layout: custom
+parent: Topic 2 - Git
+has_toc: false
+nav_order: 5
+---
+
+# Chapter 6 - Advanced Git Techniques

docs/course/topic-1-git/index.md → docs/course/Topic-2-Git/index.md

@@ -1,12 +1,12 @@
 ---
-title: Topic 1 - Git
+title: Topic 2 - Git
 layout: custom
 has_children: true
 has_toc: false
-nav_order: 3
+nav_order: 4
 ---
 
-# Topic 1 - Git
+# Topic 2 - Git
 
 | Chapter | Learning Objectives | Lab Description |
 |---------|---------------------|-----------------|