Implementing DevSecOps in SAP Landscape: A 5-Day Hands-On Training
📘 Course Introduction
This 5-day hands-on course is designed to help professionals build and secure SAP landscapes using DevSecOps principles. In today’s enterprise environments, integrating security into the software development lifecycle is not optional—it’s essential.
Participants will learn how to:
- Integrate security into Continuous Integration/Continuous Deployment (CI/CD) pipelines.
- Implement secure transport and vulnerability scanning for ABAP, SAP UI5, and SAP BTP applications.
- Use SAP tools like gCTS, ATC, and SAP BTP Security along with open-source DevSecOps tools such as SonarQube, Trivy, OWASP ZAP, and HashiCorp Vault.
By the end of the course, participants will be able to build secure-by-design pipelines across hybrid SAP ecosystems.
🛠️ Tools & Services Required for Training
Infrastructure & DevOps Tools:
- Git (GitHub, GitLab)
- Jenkins with SAP and security plugins
- Docker
- SonarQube (for ABAP static code analysis)
- Trivy (container security scanning)
- OWASP ZAP (for DAST scanning)
- HashiCorp Vault (secrets management)
- Nexus or Artifactory (artifact repository)
SAP-Specific Tools:
- SAP S/4HANA or NetWeaver Dev + QA systems
- ABAPGit
- SAP ATC (ABAP Test Cockpit)
- SAP gCTS / CTS+
- SAP BTP Subaccount
- SAP Business Application Studio
- SAP Identity Authentication Service (IAS)
- SAP Authorization Concepts (PFCG, SUIM)
📋 List of Tools/Services Covered
| Category | Tools/Services |
|---|---|
| CI/CD Pipeline | Jenkins, SAP BTP CI/CD, GitLab CI |
| Source Control | Git, ABAPGit |
| Static Code Analysis | SAP ATC, SonarQube for ABAP |
| Dynamic App Security | OWASP ZAP |
| Container Scanning | Trivy, Dockle |
| Secrets Management | HashiCorp Vault |
| Transport Management | SAP gCTS, CTS+, TMS |
| SAP Authorization | PFCG, SU24, SUIM |
| SAP Cloud Security | BTP Security, IAS, XSUAA |
📅 5-Day DevSecOps for SAP Training Agenda
Day 1 – Introduction to DevSecOps in SAP
| Time | Topic |
|---|---|
| 09:30 – 10:30 | DevSecOps Principles: Shift-Left Security, CI/CD Integration |
| 10:30 – 12:00 | Overview of SAP Landscape & Security Risks |
| 13:00 – 14:30 | SAP Transport Management: CTS+, gCTS, Secure Workflows |
| 14:30 – 17:00 | Hands-on: Git + ABAPGit Integration & gCTS Secure Setup |
Day 2 – Static Code & Dependency Scanning in SAP
| Time | Topic |
|---|---|
| 09:30 – 11:00 | ABAP Static Code Analysis with SAP ATC |
| 11:00 – 13:00 | Integrating SAP ATC into Jenkins Pipelines |
| 14:00 – 15:30 | SonarQube Setup for ABAP & UI5 Projects |
| 15:30 – 17:00 | Hands-on: CI/CD Pipeline + Static Scanning |
Day 3 – Container & Secrets Security
| Time | Topic |
|---|---|
| 09:30 – 11:00 | Introduction to Docker Security in SAP Extensions |
| 11:00 – 13:00 | Trivy & Dockle for Container Vulnerability Scanning |
| 14:00 – 15:30 | Secrets Management using HashiCorp Vault |
| 15:30 – 17:00 | Hands-on: Secure Jenkins Pipelines with Vault Integration |
Day 4 – DAST, Authorization & SAP BTP Security
| Time | Topic |
|---|---|
| 09:30 – 11:00 | Overview of SAP User & Role Security (PFCG, SUIM) |
| 11:00 – 13:00 | SAP Identity Authentication Service (IAS) & XSUAA |
| 14:00 – 15:00 | Dynamic Application Security Testing with OWASP ZAP |
| 15:00 – 17:00 | Hands-on: Secure SAP BTP Deployment + OWASP ZAP Integration |
Day 5 – End-to-End DevSecOps Pipeline & Governance
| Time | Topic |
|---|---|
| 09:30 – 11:00 | Building an End-to-End Secure CI/CD Pipeline for SAP |
| 11:00 – 13:00 | Audit Logging, Compliance, and Governance in SAP |
| 14:00 – 15:30 | Capstone Project: Secure SAP App from Dev to Prod |
| 15:30 – 17:00 | Review, Q&A, Feedback, and Certification Guidance |
🎓 Outcome
By the end of this training, participants will be able to:
- Automate security checks in SAP delivery workflows
- Use SAP-native and open-source tools to secure transports, applications, and infrastructure
- Implement role-based access control, vulnerability scanning, and DAST for SAP applications
- Build compliant and auditable pipelines across SAP and cloud environments
📞 How to Contact DevOpsSchool Team
For enrollment, customized corporate training, or DevSecOps consulting in SAP:
- 📧 Email: contact@devopsschool.com
- 🌐 Website: https://www.devopsschool.com/contact/
- 📞 India: +91 7004 215 841
- 📞 USA: +1 (469) 756‑6329
- 📍 Training Locations: Bengaluru, Hyderabad, Pune, Mumbai, Delhi, Amsterdam (and online globally)
I’m Rajesh Kumar, a DevOps, SRE, DevSecOps, Cloud, and Platform Engineering expert passionate about sharing practical knowledge, real-world experiences, and industry best practices. I have worked at Cotocus and regularly write about technology, travel, investing, health, product reviews, and digital marketing through my various platforms.
I publish technical articles at DevOps School, travel stories at Holiday Landmark, stock market insights at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow, and SEO and digital marketing strategies at Wizbrand.
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services — all in one place.
Explore Hospitals