CI/CD Architecture and Guardrails
RCCE students will learn CI/CD pipeline security including build environment hardening, artifact integrity verification, secret management in pipelines, deployment authorization controls, and pipeline audit logging. RCCE students will learn to secure continuous integration and continuous deployment pipelines against supply chain attacks, harden build environments and runners, implement secret scanning to prevent credential leakage, verify artifact integrity through code signing and attestation, configure deployment gates and approval workflows, detect unauthorized pipeline modifications, audit pipeline execution logs for suspicious activity, and respond to incidents involving compromised CI/CD infrastructure. This architecture course teaches secure system design using proven patterns, guardrails, and reference architectures. Building on core knowledge, RCCE students will learn to evaluate design options against security requirements, make informed trade-off decisions, and build systems that are resilient by design. Students gain the architectural thinking skills needed for security engineering and solution design roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing CI/CD Architecture and Guardrails
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for learning objectives
- Design a scalable privilege management architecture with policy and enforcement, including CI/CD attack surfaces, Build Security, and Harden build environments.
- Execute hands-on tasks for build security — covering Harden build environments.
- Execute hands-on tasks for secret management — covering Prevent credential leakage.
- Execute hands-on tasks for artifact integrity — covering Sign and attest build artifacts.
- Execute hands-on tasks for deployment controls — covering approval workflows.
- Monitor and audit privilege usage; detect escalation attempts, including pipeline telemetry.
- Execute hands-on tasks for execute ci/cd incident playbooks
- Execute hands-on tasks for ci/cd pipeline anatomy
- Execute hands-on tasks for continuous deployment — covering Code commit triggers build.
- Execute hands-on tasks for pipeline components deep dive
| Module 01 | CI/CD Architecture |
| Module 02 | Learning Objectives |
| Module 03 | Pipeline Architecture |
| Module 04 | Build Security |
| Module 05 | Secret Management |
| Module 06 | Artifact Integrity |
| Module 07 | Deployment Controls |
| Module 08 | Audit & Response |
| Module 09 | Execute CI/CD incident playbooks |
| Module 10 | CI/CD Pipeline Anatomy |
| Module 11 | Continuous Deployment |
| Module 12 | Pipeline Components Deep Dive |
| Module 13 | Source Control |
| Module 14 | Build Orchestrator |
All hands-on labs run on Rocheston Rose X OS. Students practice ci/cd architecture and guardrails by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Design a scalable privilege management architecture with policy and enforcement
- Lab 2: Execute hands-on tasks for learning objectives
- Lab 3: Design a scalable privilege management architecture with policy and enforcement
- Lab 4: Execute hands-on tasks for build security
- Lab 5: Execute hands-on tasks for secret management
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for CI/CD Architecture and Guardrails, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI