Skip to content
View stephrobert's full-sized avatar

Block or report stephrobert

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
stephrobert/README.md

Stéphane Robert — DevSecOps Engineer, infrastructure and supply chain security, based in Yffiniac, Brittany

Blog: blog.stephane-robert.info LinkedIn profile GitHub followers 2253 stars across 34 public repositories

I am Stéphane ROBERT, infrastructure engineer at Outscale France, working from Yffiniac in Brittany, France.

I spend my days hardening pipelines and my evenings writing about it. Everything I learn ends up in one of two places: a free tutorial on my blog, or a lab you can actually run from one of the repositories below. Nothing here is a demo that only works on my laptop.


🧪 dsoxlab — a CLI framework for hands-on DevSecOps labs

CI status OpenSSF Scorecard rating Latest release Stars Apache 2.0 license

The problem: most hands-on labs grade you on the commands you typed. Real exams — RHCSA, LFCS — grade the state of the machine, after a reboot. That gap is exactly where candidates fail.

dsoxlab is a domain-agnostic CLI framework driving training labs that live in their own repositories. Each catalog declares itself through a root meta.yml and one lab.yaml per lab, so adding a domain means writing a file, not patching the engine.

  • Validation proves, it does not trust. Labs are graded on the actual state of the system with pytest-testinfra, including persistence after reboot.
  • Three runtimes. A plain shell, an Incus container, or a full KVM/libvirt virtual machine — chosen per lab.
  • Progress that sticks. Scores, hint costs and history persisted in a local SQLite database, XDG-compliant.
  • Bilingual by design. Every user-facing string ships in English and French (DSOXLAB_LANG=en|fr).
git clone https://github.com/stephrobert/dsoxlab.git && cd dsoxlab
uv tool install --editable .
dsoxlab doctor          # diagnoses (and repairs) the local toolchain

git clone https://github.com/stephrobert/linux-dsoxlab-training.git && cd linux-dsoxlab-training
dsoxlab list-labs       # the active catalog is detected from the repo's meta.yml

dsoxlab in action: listing labs and showing one from the terminal


📝 Latest from the blog

Free, in French, and updated far more often than this README. Roughly a hundred articles and a full DevOps course live at blog.stephane-robert.info.

Read all articles Free DevOps course RSS feed


🔐 Supply chain & compliance tooling

  • secure-python-pipeline Python — Lab : API Python avec pipeline CI/CD securise (supply chain, SLSA, SBOM, cosign)

🎓 Free training catalogs

Self-hosted, runnable, no signup wall.

🛠️ What I actually use

Infrastructure as code Terraform · OpenTofu · Pulumi · Packer · Vagrant
Configuration Ansible · Chef / CINC · InSpec
Runtime Kubernetes · Talos · K3s · Docker · Incus · KVM/libvirt
CI/CD GitHub Actions · GitLab CI · Dagger
Supply chain SLSA · SBOM · Cosign · Sigstore · Trivy · OpenSSF Scorecard · Semgrep
Observability Prometheus · Grafana · Loki
Languages Python · Go · Shell · HCL
Cloud Outscale · AWS · GCP
Why this page has no stats widget

Because the popular ones stopped working. github-readme-stats has been returning HTTP 503 since June 2026 and is no longer maintained; github-profile-trophy answers 402 and now relies on sixteen volunteer mirrors. Thousands of profiles are quietly displaying broken images right now — including, at the time of writing, its own author's.

Everything on this page is either a static SVG committed in this repository or a shields.io badge reflecting real state: a CI run, a release tag, an OpenSSF Scorecard rating. The counters at the top are computed from the GitHub API by build.py and committed by a scheduled workflow.

On a profile about supply chain security, not hotlinking someone else's free Vercel deployment seemed like the least I could do.

Rendered by build.py from README-TEMPLATE.j2 · refreshed daily by GitHub Actions

Pinned Loading

  1. stephrobert stephrobert Public

    Jinja 21 5

  2. containers-training containers-training Public

    Formation Conteneurisation Gratuite

    MDX 159 44

  3. ansible-training ansible-training Public

    Une formation Ansible complète

    Python 107 39

  4. python-training python-training Public

    Une formation Python pour les Admin Sys

    Python 41 12

  5. dsoxlab dsoxlab Public

    DevSecOps XL Labs — a domain-agnostic CLI framework to drive hands-on learning labs across multiple repositories

    Python 44 3

  6. linux-dsoxlab-training linux-dsoxlab-training Public

    Linux DevSecOps training (RHCSA + LFCS) driven by the dsoxlab CLI

    Python 16 3