Implementing DevSecOps in SAP Landscape: A 5-Day Hands-On Training
📘 Course Introduction
This 5-day hands-on course is designed to help professionals build and secure SAP landscapes using DevSecOps principles. In today’s enterprise environments, integrating security into the software development lifecycle is not optional—it’s essential.
Participants will learn how to:
- Integrate security into Continuous Integration/Continuous Deployment (CI/CD) pipelines.
- Implement secure transport and vulnerability scanning for ABAP, SAP UI5, and SAP BTP applications.
- Use SAP tools like gCTS, ATC, and SAP BTP Security along with open-source DevSecOps tools such as SonarQube, Trivy, OWASP ZAP, and HashiCorp Vault.
By the end of the course, participants will be able to build secure-by-design pipelines across hybrid SAP ecosystems.
🛠️ Tools & Services Required for Training
Infrastructure & DevOps Tools:
- Git (GitHub, GitLab)
- Jenkins with SAP and security plugins
- Docker
- SonarQube (for ABAP static code analysis)
- Trivy (container security scanning)
- OWASP ZAP (for DAST scanning)
- HashiCorp Vault (secrets management)
- Nexus or Artifactory (artifact repository)
SAP-Specific Tools:
- SAP S/4HANA or NetWeaver Dev + QA systems
- ABAPGit
- SAP ATC (ABAP Test Cockpit)
- SAP gCTS / CTS+
- SAP BTP Subaccount
- SAP Business Application Studio
- SAP Identity Authentication Service (IAS)
- SAP Authorization Concepts (PFCG, SUIM)
📋 List of Tools/Services Covered
| Category | Tools/Services |
|---|---|
| CI/CD Pipeline | Jenkins, SAP BTP CI/CD, GitLab CI |
| Source Control | Git, ABAPGit |
| Static Code Analysis | SAP ATC, SonarQube for ABAP |
| Dynamic App Security | OWASP ZAP |
| Container Scanning | Trivy, Dockle |
| Secrets Management | HashiCorp Vault |
| Transport Management | SAP gCTS, CTS+, TMS |
| SAP Authorization | PFCG, SU24, SUIM |
| SAP Cloud Security | BTP Security, IAS, XSUAA |
📅 5-Day DevSecOps for SAP Training Agenda
Day 1 – Introduction to DevSecOps in SAP
| Time | Topic |
|---|---|
| 09:30 – 10:30 | DevSecOps Principles: Shift-Left Security, CI/CD Integration |
| 10:30 – 12:00 | Overview of SAP Landscape & Security Risks |
| 13:00 – 14:30 | SAP Transport Management: CTS+, gCTS, Secure Workflows |
| 14:30 – 17:00 | Hands-on: Git + ABAPGit Integration & gCTS Secure Setup |
Day 2 – Static Code & Dependency Scanning in SAP
| Time | Topic |
|---|---|
| 09:30 – 11:00 | ABAP Static Code Analysis with SAP ATC |
| 11:00 – 13:00 | Integrating SAP ATC into Jenkins Pipelines |
| 14:00 – 15:30 | SonarQube Setup for ABAP & UI5 Projects |
| 15:30 – 17:00 | Hands-on: CI/CD Pipeline + Static Scanning |
Day 3 – Container & Secrets Security
| Time | Topic |
|---|---|
| 09:30 – 11:00 | Introduction to Docker Security in SAP Extensions |
| 11:00 – 13:00 | Trivy & Dockle for Container Vulnerability Scanning |
| 14:00 – 15:30 | Secrets Management using HashiCorp Vault |
| 15:30 – 17:00 | Hands-on: Secure Jenkins Pipelines with Vault Integration |
Day 4 – DAST, Authorization & SAP BTP Security
| Time | Topic |
|---|---|
| 09:30 – 11:00 | Overview of SAP User & Role Security (PFCG, SUIM) |
| 11:00 – 13:00 | SAP Identity Authentication Service (IAS) & XSUAA |
| 14:00 – 15:00 | Dynamic Application Security Testing with OWASP ZAP |
| 15:00 – 17:00 | Hands-on: Secure SAP BTP Deployment + OWASP ZAP Integration |
Day 5 – End-to-End DevSecOps Pipeline & Governance
| Time | Topic |
|---|---|
| 09:30 – 11:00 | Building an End-to-End Secure CI/CD Pipeline for SAP |
| 11:00 – 13:00 | Audit Logging, Compliance, and Governance in SAP |
| 14:00 – 15:30 | Capstone Project: Secure SAP App from Dev to Prod |
| 15:30 – 17:00 | Review, Q&A, Feedback, and Certification Guidance |
🎓 Outcome
By the end of this training, participants will be able to:
- Automate security checks in SAP delivery workflows
- Use SAP-native and open-source tools to secure transports, applications, and infrastructure
- Implement role-based access control, vulnerability scanning, and DAST for SAP applications
- Build compliant and auditable pipelines across SAP and cloud environments
📞 How to Contact DevOpsSchool Team
For enrollment, customized corporate training, or DevSecOps consulting in SAP:
- 📧 Email: contact@devopsschool.com
- 🌐 Website: https://www.devopsschool.com/contact/
- 📞 India: +91 7004 215 841
- 📞 USA: +1 (469) 756‑6329
- 📍 Training Locations: Bengaluru, Hyderabad, Pune, Mumbai, Delhi, Amsterdam (and online globally)
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services — all in one place.
Explore Hospitals