Overview

Trivy for Kubernetes & DevSecOps
Build Secure Container Pipelines with SBOM, Supply Chain Scanning & CI/CD Automation Using GitHub Actions, Jenkins, ArgoCD, Terraform & Helm

Modern software delivery is fast. Attack surfaces are faster. Container images, Helm charts, Terraform modules, CI pipelines, and GitOps promotions form a complex supply chain - and every stage is a potential entry point for risk.

This book does not teach isolated Trivy commands. It teaches you how to design and operate a production-grade DevSecOps control system.

What This Book Delivers

You will build a complete, real-world security architecture:

Repository → Container Build (Immutable Digest) → Vulnerability Scan → SBOM Generation (CycloneDX & SPDX) → Helm Render Validation → Misconfiguration & Secret Detection → Policy-Based Gating → GitOps Promotion with ArgoCD → Audit-Ready Evidence Pack → Continuous Validation & Security Debt Reduction

Every chapter connects to this system spine. Nothing is fragmented. Nothing is theoretical.

What Makes This Book Different

Most DevSecOps guides:
- Explain what SBOM is
- Show a few Trivy examples
- Provide disconnected CI snippets
- Avoid real governance design

This book goes further. You will implement:
- Deterministic PR gates with SARIF integration
- Enterprise-grade Jenkins release pipelines
- Terraform misconfiguration scanning with real guardrails
- Helm pre-deploy security validation
- Expiry-based exception governance
- Break-glass workflows with audit traceability
- Digest-only production deployments
- Evidence bundles with policy snapshots and checksums
- Zero-to-production rollback validation
- Multi-environment promotion discipline using ArgoCD

This is not "scan and hope." It is structured enforcement.

Built for Real Operators

This book is written for:
- DevOps Engineers
- Platform Engineers
- SREs
- Security Engineers (AppSec / CloudSec)
- Cloud Architects
- Technical Leaders building internal DevSecOps standards

It assumes you want depth - not surface-level summaries. There are no "What is Kubernetes?" chapters. There are no toy examples. Every workflow is production-aligned.

Fully Modern & 2026-Ready

You will work with current, real-world tooling:
- Trivy for image, filesystem, repo, and Kubernetes scanning
- GitHub Actions for PR security gates
- Jenkins for enterprise release orchestration
- Terraform for infrastructure-as-code validation
- Helm for controlled application delivery
- ArgoCD for GitOps promotion enforcement
- SBOM-first supply chain governance

The final capstone builds a complete, audit-ready DevSecOps platform from scratch.

What You Will Walk Away With

After completing this book, you will have:
- A repeatable security architecture you can deploy immediately
- Copy-paste CI/CD templates ready for production
- Governance patterns with expiry-based exceptions
- A measurable security debt reduction model
- A roadmap for enterprise scaling (policy-as-code, attestations, multi-cluster governance)
- A standalone DevSecOps blueprint suitable for serious environments

Security is not a scanner. It is a workflow. It is a promotion discipline. It is a contract between build, release, and runtime. This book gives you the architecture to enforce that contract.

If you build Kubernetes platforms, operate CI/CD systems, or are responsible for container supply chain integrity, this manual will become your operational reference.

Full Product Details

Author: Alira Vexel
Publisher: Independently Published
Imprint: Independently Published
Dimensions: Width: 21.60cm, Height: 2.10cm, Length: 27.90cm
Weight: 0.939kg
ISBN: 9798251053159
Pages: 408
Publication Date: 06 March 2026
Audience: General/trade, General
Format: Paperback
Publisher's Status: Active
Availability: Available To Order