605.609.81 - DevOps and Secure Software Development

Computer Science
Spring 2024

Description

This course focuses on three key concepts: Agile Software Development, Infrastructure as Code, and Secure Software Delivery. Throughout this course students will learn how to build modern software systems through version control, automated deployment techniques, and improved documentation. This course gathers the latest publications to instruct students on: source code control, virtualization and containerization (Docker) techniques, build automation tools, software composition management/analysis, cloud security, and application security testing (SAST/DAST/IAST/RASP). The course concludes with a team project where students code a functioning DevSecOps pipeline to automate the assessment of software for security.

Prerequisite(s): Prior experience in software development in any language is required. Familiarity with software design, cloud development, and architecture techniques is recommended.

Instructors

Jeffrey Garonzik

jgaronz2@jhu.edu

Jason Chavez

jason.chavez@jhu.edu

Course Structure

The course materials are divided into modules which can be accessed by clicking Modules on the menu. A module will have several sections including the overview, content, readings, discussions, and assignments. You are encouraged to preview all sections of the module before starting. Most modules run for a period of seven (7) days; exceptions are noted in the Course Outline. You should regularly check the Calendar and Announcements for assignment due dates.

Course Topics

This course discusses the basic concepts of DevOps, including its philosophy, workflow, monitoring methods, and tools.

Topics include: 

Students will apply these concepts to see how they can be best implemented to automate development, test, and release practices. Students will work in teams to build functional working models of realized DevOps.

Course Goals

To understand and be able to utilize modern tools with DevOps capabilities and methods to develop and operate applications. Some of the methods taught and examples of modern tools include: 

Course Learning Outcomes (CLOs)

Textbooks

Vadapalli, S. (2018). DevOps: Continuous delivery, integration, and deployment with DevOps. Birmingham, UK: Packt Publishing. 

ISBN-10: 1789132991 

ISBN-13: 978-1789132991 

Textbook information for this course is available online through the appropriate bookstore website: For online courses, search the MBS website. We recommend purchasing from the publisher, Packt, for the best price. 

Required Software

This class requires spinning up custom servers on students’ machines, which is typically done through VirtualBox, Docker, or Vagrant. Additionally, students will install various DevOps tools on those servers each week. It is expected that students will have their own computer with full administrative rights where they can install whatever is needed each week. Please don’t use a work laptop with limited permissions. Furthermore, knowledge of basic Linux CLI commands is expected. Students are expected to have basic knowledge of, or a willingness to quickly learn, basic Linux commands, such as how to change a directory or execute a script within a directory.

It may be necessary, depending on the team's decisions, to utilize public cloud resources (AWS and/or GCP) at their own expense (typically less than $20).

Student Coursework Requirements

It is expected that each module will take approximately 10 hours per week to complete. Each module consists of reading material, watching lectures, completing forum discussions, taking quizzes, and completing technical assignments. There will also be a midterm halfway through the class during week 8 and a final project in week 14. All assignments will be graded for accuracy, timely completion, and completeness.

Weekly Discussions (20%)

Each week you will write a 1-2 page post to facilitate module learning objectives. You should use DevOps terms and correctly display critical thinking ability to analyze a problem from key areas. After you have created your weekly post, you should comment on two other student postings within the week. This will provide an opportunity to interact with your classmates and learn from their experience and points of view. Discussions will be graded weekly, providing feedback to the student. Refer to the Discussion Guidelines document in the Syllabus & Course Information area for more information.

Weekly Quizzes (10%)

You will take a closed book quiz each week consisting of 10 questions in a 30-minute time period. The quizzes will be used to reinforce key concepts in each module. Additionally, the weekly quizzes provide quick feedback for instructors to identify where, if at all, you are not understanding key concepts. The 10 weekly quizzes will draw upon material from the reading assignments as well as the lectures. They will include multiple choice, true/false, and fill in the blank to create an automated grading experience. 

Weekly Assignments (35%)

Weekly assignments provide an opportunity for students to gain a hands-on experience with DevOps tools. You will use these assignments to increase your technical acumen. Assignments will build all of the core technical expertise necessary to successfully deliver the Course Project. This is a key portion of the class where theory will go into action. Refer to the Assignment Guidelines document in the Syllabus & Course Information area for more information. 

Midterm Exam (15%)

The Midterm will test your understanding of concepts from Modules 1-7. It consists of 25 questions, most of which are short answer questions. This is a closed book and closed notes exam.

Course Project (20%)

The Course Project mimics a real-world project to build an automated DevOps pipeline that deploys a web application, scans for vulnerabilities, and produces relevant security scans. In Module 7, you will be assigned to a team to work with for the project, as teamwork is an essential part of real-world DevOps work. Teams will submit an Architecture Diagram showing the DevOps pipeline they have created, a Kanban project management board showing assignment of tasks, security scans, and video recordings showing a live build of their solution. Refer to the Course Project document in the Syllabus & Course Information area for more information.

Grading Policy

Assignments are due according to the dates posted in your Canvas course site. You may check these due dates in the Course Calendar or the Assignments in the corresponding modules. I/We will post grades one week after assignment due dates. 

We generally do not directly grade spelling and grammar. However, egregious violations of the rules of the English language will be noted without comment. Consistently poor performance in either spelling or grammar is taken as an indication of poor written communication ability that may detract from your grade. 

A grade of A indicates achievement of consistent excellence and distinction throughout the course—that is, conspicuous excellence in all aspects of assignments and discussion in every week. 

A grade of B indicates work that meets all course requirements on a level appropriate for graduate academic work. These criteria apply to both undergraduates and graduate students taking the course. 

Name    Range
A+      100% to 98.0%
A       < 98.0% to 94.0%
A-      < 94.0% to 90.0%
B+      < 90.0% to 87.0%
B       < 87.0% to 83.0%
B-      < 83.0% to 80.0%
C+      < 80.0% to 77.0%
C       < 77.0% to 73.0%
C-      < 73.0% to 70.0%
D+      < 70.0% to 67.0%
D       < 67.0% to 63.0%
F       < 63.0% to 0%

Final grades will be determined by the following weighting:


Item                        % of Grade
Weekly Forum Discussions    20%
Weekly Quizzes              10%
Weekly Assignments          35%
Midterm Exam                15%
Course Project              20%


Full quiz and midterm solutions are made available to all students after grading is complete.

Course Policies

Student assignments that are late may be docked at least one letter grade.  

Example: The maximum score on a late 100-point assignment is 90. If students need to submit late, they may ask instructors for an extension at least 48 hours before the assignment is due.

Approval of an extension is at the discretion of the instructor; it is not guaranteed.

Typically, we treat assignments like a workplace. Example: Your boss is expecting you to brief management on Friday. If you know you would be out of town, you could easily reschedule. However, if you missed the meeting with your boss and his managers, your performance evaluations should reflect that error in judgement.  

If an assignment has not been submitted within 14 days after the submission date, it will be treated as a 0 or F.  

Please note this class follows the EP academic calendar. 

All assignments are due within the duration of the course. Assignments submitted after the final examination period has completed may not be accepted by the instructor. This means you would score a 0 or an F. 

Example: Please do not attempt to submit your Course Project two weeks late. It would make it hard to close out the course and provide recommendations on graduation. Additionally, it wouldn’t be accepted, and the team would get a 0. 

Academic Policies

Deadlines for Adding, Dropping and Withdrawing from Courses

Students may add a course up to one week after the start of the term for that particular course. Students may drop courses according to the drop deadlines outlined in the EP academic calendar (https://ep.jhu.edu/student-services/academic-calendar/). Between the 6th week of the class and prior to the final withdrawal deadline, a student may withdraw from a course with a W on their academic record. A record of the course will remain on the academic record with a W appearing in the grade column to indicate that the student registered and withdrew from the course.

Academic Misconduct Policy

All students are required to read, know, and comply with the Johns Hopkins University Krieger School of Arts and Sciences (KSAS) / Whiting School of Engineering (WSE) Procedures for Handling Allegations of Misconduct by Full-Time and Part-Time Graduate Students.

This policy prohibits academic misconduct, including but not limited to the following: cheating or facilitating cheating; plagiarism; reuse of assignments; unauthorized collaboration; alteration of graded assignments; and unfair competition. Course materials (old assignments, texts, or examinations, etc.) should not be shared unless authorized by the course instructor. Any questions related to this policy should be directed to EP’s academic integrity officer at ep-academic-integrity@jhu.edu.

Students with Disabilities - Accommodations and Accessibility

Johns Hopkins University values diversity and inclusion. We are committed to providing welcoming, equitable, and accessible educational experiences for all students. Students with disabilities (including those with psychological conditions, medical conditions and temporary disabilities) can request accommodations for this course by providing an Accommodation Letter issued by Student Disability Services (SDS). Please request accommodations for this course as early as possible to provide time for effective communication and arrangements.

For further information or to start the process of requesting accommodations, please contact Student Disability Services at Engineering for Professionals, ep-disability-svcs@jhu.edu.

Student Conduct Code

The fundamental purpose of the JHU regulation of student conduct is to promote and to protect the health, safety, welfare, property, and rights of all members of the University community as well as to promote the orderly operation of the University and to safeguard its property and facilities. As members of the University community, students accept certain responsibilities which support the educational mission and create an environment in which all students are afforded the same opportunity to succeed academically. 

For a full description of the code please visit the following website: https://studentaffairs.jhu.edu/policies-guidelines/student-code/

Classroom Climate

JHU is committed to creating a classroom environment that values the diversity of experiences and perspectives that all students bring. Everyone has the right to be treated with dignity and respect. Fostering an inclusive climate is important. Research and experience show that students who interact with peers who are different from themselves learn new things and experience tangible educational outcomes. At no time in this learning process should someone be singled out or treated unequally on the basis of any seen or unseen part of their identity. 
 
If you have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, please reach out to the course instructor directly. Reporting will never impact your course grade. You may also share concerns with your program chair, the Assistant Dean for Diversity and Inclusion, or the Office of Institutional Equity. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).

Course Auditing

When a student enrolls in an EP course with “audit” status, the student must reach an understanding with the instructor as to what is required to earn the “audit.” If the student does not meet those expectations, the instructor must notify the EP Registration Team [EP-Registration@exchange.johnshopkins.edu] in order for the student to be retroactively dropped or withdrawn from the course (depending on when the "audit" was requested and in accordance with EP registration deadlines). All lecture content will remain accessible to auditing students, but access to all other course material is left to the discretion of the instructor.