CI/CD Incident Response
RCCE students will learn CI/CD pipeline security including build environment hardening, artifact integrity verification, secret management in pipelines, deployment authorization controls, and pipeline audit logging. RCCE students will learn to secure continuous integration and continuous deployment pipelines against supply chain attacks, harden build environments and runners, implement secret scanning to prevent credential leakage, verify artifact integrity through code signing and attestation, configure deployment gates and approval workflows, detect unauthorized pipeline modifications, audit pipeline execution logs for suspicious activity, and respond to incidents involving compromised CI/CD infrastructure. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. At an expert level, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing CI/CD Incident Response
- Execute hands-on tasks for learning objectives
- Explain Pipeline Security Foundations fundamentals
- Build detections and response workflows for privilege escalation, including Harden build environments and runners, and Execute structured IR workflows.
- Execute hands-on tasks for advanced skills — covering unauthorized pipeline modifications.
- Explain CI/CD Pipeline Architecture Overview fundamentals
- Execute hands-on tasks for core components
- Execute hands-on tasks for security touchpoints — covering Version control triggers pipeline start, Pre-commit hooks and branch policies.
- Execute hands-on tasks for pipeline components deep dive
- Execute hands-on tasks for source control
- Execute hands-on tasks for build orchestration
- Execute hands-on tasks for artifact management — covering Git repositories with, Jenkins, GitLab CI, GitHub.
- Execute hands-on tasks for infrastructure layer — covering Runner pools: self-hosted vs cloud-managed execution.
| Module 01 | Learning Objectives |
| Module 02 | Pipeline Security Foundations |
| Module 03 | Incident Response Mastery |
| Module 04 | Advanced Skills |
| Module 05 | CI/CD Pipeline Architecture Overview |
| Module 06 | Core Components |
| Module 07 | Security Touchpoints |
| Module 08 | Pipeline Components Deep Dive |
| Module 09 | Source Control |
| Module 10 | Build Orchestration |
| Module 11 | Artifact Management |
| Module 12 | Infrastructure Layer |
| Module 13 | Build Environment Hardening |
| Module 14 | Runner Isolation |
All hands-on labs run on Rocheston Rose X OS. Students practice ci/cd incident response by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for learning objectives
- Lab 2: Explain Pipeline Security Foundations fundamentals
- Lab 3: Build detections and response workflows for privilege escalation
- Lab 4: Execute hands-on tasks for advanced skills
- Lab 5: Explain CI/CD Pipeline Architecture Overview fundamentals
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for CI/CD Incident Response, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI