Skip to content

Tutorial Submission #2903

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Oct 9, 2025
Merged

Tutorial Submission #2903

merged 6 commits into from
Oct 9, 2025

Conversation

alexmatcov
Copy link
Contributor

Assignment Proposal

Title

DevSecOps with Checkov for Infrastructure Security Scanning

Names and KTH ID

Deadline

Task 3

Category

Executable tutorial

Description

This executable tutorial demonstrates how to implement Infrastructure as Code (IaC) security scanning using Checkov, creating a DevSecOps workflow that prevents misconfigured infrastructure from reaching production.

The tutorial will guide users through scanning and securing Terraform infrastructure code using Checkov, an open-source static analysis tool that identifies security misconfigurations and compliance violations.

The tutorial will include:

  • Setting up Terraform code with intentional security misconfigurations (i.e. public S3 buckets, overpermissive security groups, unencrypted resources)
  • Installing and configuring Checkov for IaC security scanning
  • Interpreting security scan results and understanding vulnerability classifications
  • Implementing step-by-step remediation of critical security findings
  • Demonstrating the complete scan-fail-fix-pass cycle

Users will start with vulnerable AWS Terraform configurations, use Checkov to identify security issues, fix the vulnerabilities following security best practices, and finally show how to integrate automated security in CI/CD pipeline.

The tutorial will be delivered through KillerCoda platform in 4 steps: introduction to IaC security, Checkov scanning basics, vulnerability remediation, and CI/CD integration.

Relevance

This tutorial addresses a critical aspect of modern DevOps: infrastructure security integration throughout the development lifecycle. With 95% of cloud security breaches being preventable through proper configuration management, implementing IaC security scanning has become essential for DevOps teams. The approach demonstrates core DevOps principles of automation, continuous integration, and shift-left practices by catching security issues early in the infrastructure provisioning process rather than after deployment.

Deliverables

@sofiabobadilla
Copy link
Collaborator

We have received the submission.

The tutorial will be graded in the upcoming weeks, and the grades will be reported on canvas.

Thank you for your work.

@sofiabobadilla sofiabobadilla self-assigned this Oct 9, 2025
@sofiabobadilla sofiabobadilla merged commit 9b3651e into KTH:2025 Oct 9, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@sofiabobadilla sofiabobadilla

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexmatcov @sofiabobadilla