Bynet Professional Services

AI-Assisted
DevSecOps Workshop

Build, secure, and deploy a real application using AI agents and industry-leading DevSecOps tools — from source code to production in one session.

The Workshop

What we will do

We will take a real open-source web application and run it through a complete software delivery lifecycle. An AI agent will build the entire CI/CD pipeline for us, scan the container for vulnerabilities, deploy it to the cloud, and then a second AI agent will find and fix a critical security issue — all in one session.

🧃

OWASP Juice Shop

An intentionally insecure Node.js web application used worldwide for security training. It ships with real vulnerabilities from the OWASP Top 10 — SQL injection, XSS, broken auth, insecure deserialization — making it the perfect target for a DevSecOps demo.

Node.js OWASP Top 10 Docker Open Source

The Pipeline

Tools and how they connect

Script.it AI agent generates and runs the full pipeline end-to-end. Each tool plays a specific role in the lifecycle.

Script.it

AI agent that builds
and runs everything

Orchestrator

→

GitLab

Source code, CI/CD
pipeline, SAST scan

Build + SAST

→

JFrog

Store Docker image,
scan for CVEs with Xray

Artifact + Scan

→

Tanzu CF

Deploy container
to production cloud

Deploy

→

GitLab Duo

AI explains and fixes
the SAST vulnerability

AI Remediation

Agenda

What you will do, step by step

MODULE 1-2

🔗

Connect your tools

Sign up to Script.it and connect it to GitLab, JFrog Artifactory, and Tanzu Cloud Foundry. One-time setup, takes about 5 minutes.

MODULE 3

🍋

Fork Juice Shop

Ask Script.it to fork the OWASP Juice Shop from GitHub into your personal GitLab group. No Git commands needed.

MODULE 4

⚙️

Build the pipeline

Script.it generates the full .gitlab-ci.yml, pushes it, and runs the pipeline. Watch SAST, build, Xray scan, and CF deploy all pass.

MODULE 5

🛡️

Fix a vulnerability with AI

Open the Security Dashboard, find the critical Deserialization vulnerability, and ask GitLab Duo to explain and fix it. Approve the commit.

What you take home

By the end of this workshop

You will have built and deployed a fully secured application from scratch using AI agents, with hands-on experience across the entire DevSecOps lifecycle.

✅

Live app in production

Juice Shop running on Tanzu Cloud Foundry

🔍

Vulnerability found and fixed

Critical SAST finding remediated by GitLab Duo

🤖

AI agents in action

Script.it and GitLab Duo working end to end

🏆

Certificate of completion

Bynet verified DevSecOps workshop certificate

AI-AssistedDevSecOps Workshop