Home Certification & Exams CI/CD Tools and Image Configuration for the DevSecOps Certification Exam

CI/CD Tools and Image Configuration for the DevSecOps Certification Exam

Last updated on Jan 07, 2026

CI/CD Tools and Image Configuration for the DevSecOps Certification Exam

Understanding which continuous integration/continuous delivery (CI/CD) platforms are covered on the DevSecOps exam—and how to correctly specify container and Node.js images in GitLab CI/CD—can make the difference between a passing score and a retake. This article clarifies the exam scope, explains why only GitLab CI/CD is tested, and provides practical guidance for identifying and configuring Docker images for your pipeline jobs.

Table of Contents

  1. Exam Scope: Which CI/CD Tools Are Included?
  2. Why GitLab CI/CD Is the Sole Focus
  3. Identifying the Correct Container Image in GitLab
  4. Practical Example: A Simple Node.js Build Job
  5. Common Questions & Tips for the Exam

Exam Scope: Which CI/CD Tools Are Included?

Short answer: Only GitLab CI/CD is examined.

  • Jenkinsnot part of the test.
  • CircleCInot part of the test.
  • Any other CI/CD platform (e.g., Travis CI, Azure Pipelines) – not covered.

The exam blueprint explicitly states that candidates should concentrate on GitLab’s native CI/CD features, pipelines, and configuration files.

Why GitLab CI/CD Is the Sole Focus

  1. Unified Platform – The DevSecOps certification is built around a single, end‑to‑end toolchain. GitLab provides source control, issue tracking, security scanning, and CI/CD in one integrated environment.
  2. Consistent Learning Path – By limiting the scope to GitLab, the course can dive deeper into pipeline syntax, runners, and security jobs without splitting attention across multiple vendors.
  3. Industry Relevance – Many enterprises have adopted GitLab for its built‑in DevSecOps capabilities, making the skill set directly applicable on the job market.

Takeaway: Mastering GitLab CI/CD will satisfy the exam requirements and equip you with a market‑ready skill set.

Identifying the Correct Container Image in GitLab

Basic image: Syntax

In a .gitlab-ci.yml file, the image: keyword tells GitLab which Docker image to spin up for a job. This image becomes the execution environment for all script commands defined in that job.

job_name:
  image: <docker-image-reference>
  script:
    - echo "Running inside the container"
  • <docker-image-reference> can be a public image from Docker Hub, a private registry, or a custom image stored in GitLab Container Registry.
  • If image: is omitted, the job inherits the default image defined at the top level of the YAML file or the GitLab Runner’s default.

Choosing a Node.js Image

When a pipeline needs a specific version of Node.js, select an official Node image that matches the required runtime. Official images are maintained on Docker Hub and are version‑tagged.

Tag Example Description
node:alpine Latest Node.js on a lightweight Alpine Linux base
node:14-alpine Node.js 14.x on Alpine – ideal for legacy projects
node:16 Latest Node.js 16.x on Debian (default variant)
node:18-slim Node.js 18.x on a minimal Debian “slim” image

Tips for selecting the right tag:

  • Match the project’s package.json engine field (e.g., "node": ">=14 <15" → use node:14).
  • Prefer Alpine or Slim variants for faster pipeline start‑up and lower storage costs, unless native dependencies require a full OS.
  • Pin to a specific patch version (node:14.21-alpine) when reproducibility is critical.

Practical Example: A Simple Node.js Build Job

Below is a minimal .gitlab-ci.yml snippet that builds a Node.js application using the node:14-alpine image and runs an npm test suite.

stages:
  - test

npm_test:
  stage: test
  image: node:14-alpine   # <-- container image with Node 14 on Alpine
  before_script:
    - npm ci               # install exact dependencies from lock file
  script:
    - npm run lint
    - npm test
  cache:
    paths:
      - node_modules/

What the example demonstrates:

  1. Explicit image selection (node:14-alpine).
  2. Use of before_script to set up the environment.
  3. Caching of node_modules to speed up subsequent runs.

Understanding this pattern is essential for the exam’s pipeline‑configuration questions.

Common Questions & Tips for the Exam

Question Answer
Will I be asked about Jenkins pipelines? No. The exam only covers GitLab CI/CD syntax and concepts.
Are CircleCI configuration files part of the test? No. Focus exclusively on .gitlab-ci.yml.
Do I need to know how to build custom Docker images? Basic knowledge helps, but the exam expects you to reference existing public images (e.g., official Node images).
What if a job needs multiple tools (e.g., Node + Python)? Use a multi‑stage pipeline or a custom image that bundles both runtimes. The exam may ask you to explain the approach, not to write the Dockerfile.
How important is image version pinning? Very important. The exam tests your ability to ensure reproducible builds by selecting exact tags.

Quick Exam‑Day Checklist

  • ✅ Review the top‑level image: declaration and per‑job overrides.
  • ✅ Memorize the most common Node.js image tags (alpine, slim, specific major versions).
  • ✅ Understand the difference between container image (the Docker image used for the job) and node image (the Node.js runtime inside that container).
  • ✅ Be ready to explain why GitLab CI/CD is the only tool covered.

By concentrating on GitLab CI/CD, mastering the image: keyword, and confidently selecting the appropriate Node.js Docker tags, you’ll be well‑prepared to tackle the CI/CD section of the DevSecOps certification exam. Good luck, and happy pipeline building!