
Certified DevSecOps Professional (CDP)

Last updated on Jan 28, 2026

Common Questions:

Q1: Can I register for CDE while I am waiting for the CDP result?

A: At this time CDP is a prerequisite for CDE. Please wait another 24 hours or so for your result, then your CDE access shall be provisioned.

Q2: For instance, when integrating NPM Audit into the GitLab CI/CD pipeline, what is the optimal image to select?

A: Choose an image that matches the environment and versions specified in your project. An example of a commonly used image for Node.js projects is node:latest or node:<version>, which provides a baseline Node.js environment. You can then add necessary tools and configurations specific to NPM Audit and your CI/CD pipeline requirements.

Q3: The private SSH key of the production key was copied to the CI/CD machine. Does that mean that the CI/CD pipeline runs the InSpec script on the production machine to test the deployment machine?

A: The InSpec tests run the compliance checks on the production machine.
The production machine is saved in a variable called DEPLOYMENT_SERVER.

Q4: On the HTTP server, how do I get the domain name or complete URL section?

A: We have exposed our lab machines using the following pattern:

  • For port 80: devsecops-box-dzwrlgdj.lab.practical-devsecops.training

  • For port 8000: devsecops-box-dzwrlgdj-8000.lab.practical-devsecops.training

  • For port 8080: devsecops-box-dzwrlgdj-8080.lab.practical-devsecops.training

Feel free to choose one of these ports: 80, 8000, or 8080.

Q5: I'm trying to understand if there was a reason why sast-with-vm, sca-frontend and sslscan weren't also allowed to fail, or if it was just missed?

A: For the sast-with-vm and sca-frontend jobs, you can allow those jobs to fail since they will fail when they find the vulnerabilities.

Q6: Could you point me in the direction of where DSOMM is covered in the course? Which of the chapters covers DSOMM?

A: We covered all levels of DSOMM in our course; it depends on which level you are referring to. Each chapter in the course represents a specific level if you're referring to DSOMM. Meanwhile, we have our own term called "DevSecOps Gospel" that might be interesting for you.

Q7: Hello guys, is there a reason my Jenkins is not identifying new changes in the GitLab repository even if there are? I rechecked and it looks like the configuration is OK. It also worked before.

A: Please check that you have configured the GitLab webhook, and check whether the GitLab repository has a Jenkinsfile and whether the pipeline file has syntax errors.

Q8: How does the InSpec tool work? Does the container get spun up with the image and then the SSH connection get established from within the container to the target machine?

A: Your statement is correct. A container that has InSpec installed performs the same function as a native tool installed on the host. It establishes an SSH connection to the target machine, and by default, it uses the SSH key located at /home/user/.ssh. However, if the private key is in a different location, you might need to specify the path using the option -i /path/to/custom/privkey. InSpec will then use this specified private key for authentication.
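The flow described in Q3 and Q8, written as a GitLab CI job. This is an added example, not taken from the course labs. The stage name, the image and its tag placeholder, the File-type variable DEPLOYMENT_SERVER_SSH_PRIVKEY, the SSH user root and the dev-sec/linux-baseline profile are assumptions; DEPLOYMENT_SERVER is the variable named above.

```yaml
# Added example (assumed names are marked); adapt to your own project.
inspec:
  stage: prod                             # assumed stage name
  image:
    name: chef/inspec:<pinned-version>    # assumed image; placeholder tag, pin one you have tested
    entrypoint: [""]                      # clear the image entrypoint so `script` runs in a shell
  before_script:
    - mkdir -p ~/.ssh && chmod 700 ~/.ssh
    # DEPLOYMENT_SERVER_SSH_PRIVKEY (assumed name) is a File-type CI/CD variable:
    # it expands to the path of a temporary file that holds the private key.
    # Copy it with owner-only permissions so the SSH client accepts it.
    - install -m 600 "$DEPLOYMENT_SERVER_SSH_PRIVKEY" ~/.ssh/id_rsa
  script:
    # The container opens the SSH session to the target; the checks run against
    # the machine named in DEPLOYMENT_SERVER, not against the CI runner.
    - >
      inspec exec https://github.com/dev-sec/linux-baseline
      -t "ssh://root@${DEPLOYMENT_SERVER}"
      -i ~/.ssh/id_rsa
      --chef-license accept
      --reporter cli json:inspec-output.json
  artifacts:
    paths: [inspec-output.json]
    when: always                          # keep the report even when controls fail
  allow_failure:
    # InSpec exits with 100 when at least one control fails. Tolerate only that
    # code, so an SSH or usage error still fails the job.
    exit_codes: [100]
```

Marking the key variable as protected and using a dedicated key for a low-privilege account limits what a compromised pipeline can reach on the production machine.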

Q9: Is the path specified a custom path, which can be anything, or is it a path which I need to use in HashiCorp Vault?

A: It can be any path. The path specified can be a custom path that you define in HashiCorp Vault. In HashiCorp Vault, paths are used to organize and manage secrets and other sensitive data. You can create custom paths based on your organization's needs and security requirements. Just make sure to follow best practices for naming conventions and access control policies when defining custom paths in HashiCorp Vault.

Q10: Which lessons explain what the GitLab registry is?

A: GitLab Registry exists in the CDP Course.

Q11: What is CDP?

A: The DevSecOps Professional course is our most sought-after DevSecOps Training and Certification program. Certified DevSecOps Professional (CDP) is a beginner-friendly course for anyone without any prior experience. Master in-demand skills for secure software development, including implementing GitLab CI/CD best practices, integrating static and dynamic scans, hardening system security, and analyzing potential vulnerabilities with industry-standard tools. This comprehensive program is perfect for anyone who wants to:

  • Transition into a high-paying DevSecOps career

  • Deepen their understanding of secure software development

  • Become a valuable asset in any development team