Build secure, policy-gated CI/CD workflows using GitHub Actions.
This course focuses on pipeline threat modeling, secret protection, dependency scanning, and secure deployment controls in GitHub Actions workflows.
Updated June 2026
Module 1: Pipeline Threat Modeling - identifying CI/CD attack surfaces
Module 2: GitHub Actions Security Hardening - OIDC, least-privilege tokens
Module 3: Secret Protection and Management in workflows
Module 4: Dependency Scanning with Dependabot and CodeQL
Module 5: SAST/DAST Integration in automated pipelines
Module 6: Artifact Signing and Supply Chain Security (SLSA, Sigstore)
Module 7: Release Governance - policy gates and compliance checkpoints
Module 8: Capstone - end-to-end secure, policy-gated CI/CD workflow
Pipeline threat modeling
Secure workflow design
Automated security checks
Release governance
End-to-end secure CI/CD workflow
Policy-gated deployment pipeline
Is this course suitable for working professionals?
Yes. The course includes flexible recorded support and assignment windows for working learners.
Do I get certification preparation support?
Yes. This program includes structured guidance for CI/CD Security with revision plans and mock checkpoints.