This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 3.6 of Cloud Security Controls and Frameworks
The shift-left philosophy applied to cloud CI/CD — secret detection, IaC scanning, SAST, DAST, SBOM generation, and runtime policy enforcement using OPA.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
OWASP DevSecOps Guideline
OWASP comprehensive guide to integrating security into DevOps pipelines.
Checkov IaC Security Scanner
Checkov documentation for scanning Terraform, CloudFormation, Kubernetes, and ARM templates.
NIST SP 800-204C: Implementation of DevSecOps
NIST guidance on implementing DevSecOps for cloud-native microservices applications.
Sigstore Cosign Container Image Signing
Cosign documentation for keyless container image signing in CI/CD pipelines.
Quadrant 4 · Self-Assessment
Controls, Standards and Testing
CSA CCM v4, NIST CSF 2.0, ENISA, CSPM, CWPP, CASB, CIEM, CSMV, and cloud penetration testing tools.
Cloud Security: Complete Assessment
Comprehensive 120-question assessment covering all six chapters of the Cloud Security eBook 2026.