Home > Store

DevSecOps in Oracle Cloud: Securing and Automating Oracle Cloud Infrastructure

Add To My Wish List

DevSecOps in Oracle Cloud: Securing and Automating Oracle Cloud Infrastructure

By Erik Benner, Ahmed Aboulnaga, Dhrumil Patel
Published May 23, 2025 by Oracle Press. Part of the Oracle Press Cloud series.

eBook

Your Price: $44.79
List Price: $55.99
Estimated Release: May 23, 2025
Includes EPUB and PDF
About eBook Formats

This eBook includes the following formats, accessible from your Account page after purchase:

ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Pre-Order

Also available in other formats.

Description

Sample Content

Updates

More Information

Description

Copyright 2025
Edition: 1st

eBook
ISBN-10: 0-13-802942-3
ISBN-13: 978-0-13-802942-5

Automate, secure, and optimize your cloud infrastructure with proven best practices and expert insights.

Securing every stage of development and deployment is no longer a choiceit is a necessity. Adopting a proactive DevSecOps approach is crucial to safeguarding cloud applications and infrastructures. OCI experts Benner, Aboulnaga, and Patel provide comprehensive guidance on leveraging DevSecOps principles to effectively secure and automate cloud environments.

Developers, DevOps professionals, and cloud architects will learn best practices for automating security processes and optimizing enterprise infrastructures with powerful tools such as Terraform and Ansible. This comprehensive guide provides actionable strategies for building secure, scalable, and resilient cloud applications.

You will learn

Step-by-step examples of using Terraform and Ansible in OCI to automate and manage cloud infrastructure
DevSecOps principles and best practices for Oracle Cloud environments
Key OCI services and how they can be applied within a DevSecOps framework to ensure security and efficiency
Practical strategies for building secure, scalable, and resilient applications in Oracle Cloud
How to integrate DevSecOps principles throughout the development and deployment lifecycle
Techniques for maintaining regulatory compliance while ensuring security in Oracle Cloud
How to optimize cloud costs in OCI without compromising security or performance
Practical steps to securely deploy applications in Oracle Cloud

Unlock the full potential of Oracle Cloud and DevSecOps and ensure that your organization stays ahead of evolving security threats and operational demands. This guide provides the hands-on tools, expert insights, and proven strategies you need to secure, automate, and scale your Oracle Cloud applications.



Sample Content

Introduction xxii
Chapter 1 Introduction to OCI and DevSecOps 1
What Is DevSecOps? 4
Why DevSecOps? 5
What Makes Up a DevSecOps Team? 6
Benefits of OCI 7
OCI Free Services 9
Summary 10
Chapter 2 Oracle Cloud InfrastructureGovernance 11
Tenancy Account Management and Governance 11
Creating a New Tenancy 12
Organizational Governance 15
Cloud Advisor 20
Cost Management 22
Performance 24
High Availability 25
Billing and Budgets 26
Dashboards 32
Summary 36
Chapter 3 Oracle IaaSSecurity 37
Identity and Access Management (IAM) 37
Security Zones 39
Bastions 44
Threat Intelligence Service 49
Web Application Firewall (WAF) 54
Firewall 65
Vault 80
Audit 84
Summary 87
Chapter 4 Oracle IaaSCloud-Native
Technologies 89
Functions 90
Setting Up the Tenancy 91
Creating the Application 92
Setting Up the Linux Host 95
Creating and Running a Function 104
Streams 107
Events 108
Oracle Kubernetes Engine (OKE) 112
Docker 113
Key Terms 113
Summary 119
Chapter 5 Oracle IaaSNetwork 121
Getting Started with OCI Networking 121
Understanding Concepts and Terminology 121
Walking Through a Basic Network Architecture Diagram 122
Creating Your First VCN and Subnet 124
Creating a VCN 124
Creating a Subnet 125
Updating the Security List 126
Connecting VCNs Through Local Peering 127
Creating Local Peering Gateways and Establishing Peering 128
Adding a New Route Rule to the Route Table 129
Creating Network Security Groups (NSGs) 130
Attaching VNIC to the Network Security Group 131
Creating Flow Logs 132
Using Network Path Analyzer 133
Understanding Gateways 136
Securing Your Network 136
Summary 137
Chapter 6 Oracle IaaSCompute 139
Building a VM 139
X86 and ARM, AMD vs. Intel Whats the Scoop? 145
A VM Is More Than a VM; There Are Options 147
OS Images and the Marketplace 153
Custom OS Images 160
Summary 163
Chapter 7 Oracle IaaSStorage 165
Block Volume 166
Creating and Attaching 166
Configuring Performance 169
Performing a Backup 172
Object Storage 175
File Storage 176
Archive Storage 179
How to Secure Your Storage 179
Summary 181
Chapter 8 Oracle DBaaSDatabases 183
Oracles DBaaS Offerings 183
Database as a Base Database Service 186
Exadata Cloud Service and Exadata Cloud@Customer 186
Autonomous Database Services 187
MySQL and MySQL HeatWave 189
NoSQL 190
How to Provision Databases 191
Provisioning Base Database Service 191
Provisioning the Autonomous Database Service 196
Provisioning MySQL Database 199
Provisioning the NoSQL Database 204
Summary 205
Chapter 9 OCI DevOps Service 207
Overview of OCI DevOps 208
Deployment Environments 210
Deployment Strategies 210
DevOps Components and Resources 211
How to Create a Working Sample Project 214
Creating Compute Instances to Deploy To 215
Granting Permissions to Compute Instance Run Command Plug 215
Creating an Artifact Registry to Host Artifacts 216
Uploading a Script to the Artifact Registry 216
Creating a Notification Topic 218
Creating a DevOps Project 218
Creating an Environment in the DevOps Project 218
Adding an Artifact from the Artifact Registry to the DevOps Project 219
Adding an Instance Group Deployment Configuration Artifact 220
Creating a Deployment Pipeline 222
Running the Deployment Pipeline 222
Summary 224
Chapter 10 Data Safe 225
Security Assessment 225
User Assessment 228
Data Discovery 230
Data Masking 236
Activity Auditing 241
Alerts 243
How to Add a Database 244
Registering an Autonomous Database 245
Registering an Oracle Base Database System 247
Registering an On-Premises Database 253
Summary 255
Chapter 11 Identity and Access Management 257
Compartments 257
Users 258
Database Passwords 258
API Keys 263
Groups 269
Dynamic Groups 269
Policies 273
Federation 277
Summary 292
Chapter 12 Operating System Security 293
Oracle Ksplice 293
Oracle Autonomous Linux 296
Vulnerability Scanning Service (VSS) 298
Summary 301
Chapter 13 Observability and Management 303
OCI Logging Service 303
Log Format 303
Log Types 305
Log Groups 307
Exercise 1: Enabling a Service Log 307
Exercise 2: Creating a Custom Log 311
Oracle Cloud Logging Analytics 313
Setting Up Logging Analytics for the First Time 313
Downloading and Installing the Management Agent 317
Clearing and Resetting Logging Analytics 320
Summary 320
Chapter 14 Cloud Guard 321
Initial Configuration 322
Recipe Management 331
Using Detector Recipes 331
Using Responder Recipes 332
Accessing Cloud Guard Recipes 332
Managing Detector Recipes 333
Managing Responder Recipes 334
Security Zones 338
Adding a New Security Zone 340
Summary 343
Chapter 15 An Introduction to Ansible 345
What Is Ansible? 345
What Is OLAM? 346
Sizing the Deployment 348
OCI Authentication 350
Getting the OCI Information 350
Adding the OLAM Credential 353
Collections and Modules 354
Installing the OCI Collection on Your OCI Development System 354
Playbooks 356
Introduction to YAML 359
Summary 362
Chapter 16 Using Ansible in OCI 363
Using Ansible 363
Writing Playbooks 363
Sample Playbooks 369
Common OCI Playbooks 374
Summary 382
Chapter 17 AnsibleInstalling and Configuring
OLAM 383
Installation 383
Preparing Linux 383
Setting Up PostgreSQL 385
Installing OLAM 387
OLAM Management 392
Resource Management 394
Templates 395
Credentials 399
Projects 401
Inventory 403
Hosts 408
Access Management 410
Organizations 410
Users 412
Teams 414
OLAM Administrative Options 416
Credential Types 416
Notifications 417
Management Jobs 418
Instance Groups 420
Applications 420
Execution Environments 420
Summary 421
Chapter 18 Ansible Full Stack Sample 423
Ansible in the Real World 423
Planning a Team 423
Creating Users 423
Creating Teams 426
Setting Up an Inventory 439
Summary 451
Chapter 19 Infrastructure as Code 453
The Problem That IaC Solves 454
Introducing Terraform as an IaC Tool 454
Terraform Concepts and Terminology 455
Declarative Approach 457
State File 457
Immutable Infrastructure 457
Plug-ins 458
Terraform and OCI 459
Terraform Best Practices 459
Summary 460
Chapter 20 Terraform API with Examples 461
Setting Up Terraform in OCI 461
Downloading and Installing Terraform 461
Creating RSA Keys Required for API Signing 463
Adding a Policy for the User to Read OCI Resources 465
Exercise 1: Running Terraform for the First Time 466
Creating a Working Directory 466
Creating an Initial Terraform Script 466
Running Terraform Initialize for the First Time 467
Running terraform plan for the First Time 468
Running terraform apply for the First Time 469
Exercise 2: Parameterizing Terraform Configuration 471
Exercise 3: Understanding the Terraform OCI Documentation 473
Updating Terraform Configuration from the Terraform OCI Documentation 474
Running the Terraform Script to Create and List a Block Volume 478
Updating a Resource 482
Parameterizing from Other Output 483
Debugging Errors 484
Summary 485
Chapter 21 Terraform Sample Use Case 487
Confirming IAM Policies 489
Setting Up Terraform 489
Applying the Changes 490
Creating a New Compartment 490
Applying the Changes 491
Rerunning Terraform Apply with No Changes 491
Rerunning Terraform Apply After a Change in Terraform Configuration 493
Rerunning Terraform Apply After a Change on the OCI Console 494
Creating a Virtual Cloud Network 494
Defining a VCN Module 494
Defining Security Lists and Ingress/Egress Rules 495
Defining the Private and Public Subnets 498
Updating the Outputs File 499
Applying the Changes 500
Creating a Compute Instance 502
Applying the Changes 504
Creating an Autonomous Database 505
Applying the Changes 506
Replicating to a Production Environment 507
Using Other Terraform Commands 508
Formatting Terraform Configuration 508
Validating Terraform Configuration 508
Listing All Resources in the Terraform State 508
Displaying Details of All Resources from the Terraform State 509
Viewing the Terraform Output 510
Destroying Resources 510
Destroying the Entire Infrastructure 511
Destroying a Single Terraform Resource 511
Stopping/Starting Instances with Terraform 511
Summary 512
Chapter 22 Enterprise Manager Cloud Control
Installation 515
Installing and Configuring the Repository Database 517
Installing and Configuring Oracle Management Service 522
OPatch 526
Oracle Enterprise Manager 13c
Update 12 for OMS 526
Oracle Enterprise Manager 13c
Release 5 Update 12 for Oracle Management Agent 527
Installing and Configuring Oracle Analytics Server 529
Installing JDK 529
Installing FMW
Infrastructure 530
Installing OAS 531
Configuring OAS 532
Integrating OAS with Oracle Enterprise Manager 534
Configuring Security Infrastructure 534
Configuring the Required OAS Datasource 537
Setting OAS Support for Oracle Enterprise Manager-Provided Reports 538
Summary 546
Chapter 23 Using Oracle Enterprise Manager Cloud Control 547
Setting Up Administrators and Users 551
Monitoring OCI Environments 554
Monitoring OCI Compute Instance 554
Monitoring OCI Autonomous Database 558
Integrating Oracle Enterprise Manager with OCI 564
Setting Up Preferred Credentials 564
Creating an Enterprise Manager Target Group 568
Creating an Oracle Enterprise Manager Super Administrator 569
Creating a Global Named Credential 570
Incorporating Best Practices 578
Monitoring Database Security 579
Patching Oracle Enterprise Manager 579
Sizing Oracle Enterprise Manager 580
Summary 581

9780138029418 TOC 4/11/2025



Updates

Submit Errata



More Information



InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Privacy Notice

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
Such marketing is consistent with applicable law and Pearson's legal obligations.
Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

As required by law.
With the consent of the individual (or their parent, if the individual is a minor)
In response to a subpoena, court order or legal process, to the extent permitted or required by law
To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
To investigate or address actual or suspected fraud or other illegal activities
To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020

Email Address

Corporate, Academic, and Employee Purchases