DevSecOps Automation Framework

There is plenty of material about DevSecOps on the Internet. Yet, while talking to clients and many of my colleagues, I found the following diagram to be a great tool to explain several practical aspects around DevSecOps automation. The objective of this blog is to share my thoughts around it with the community.

Figure 1: DevSecOps Automation Framework

Figure 1 shows a high-level view of the DevSecOps automation framework. I like to represent it using three pipelines: the Lego block delivery pipeline, the application (or solution) delivery pipeline, and the Integrated Service Management pipeline.

Let’s look at these three pipelines to understand what they do. Consider an example. When developing a Java-based application, we often pull dependency libraries from sources such as Maven Central as part of the build stage. Wait a minute: did we check that these libraries are free of vulnerabilities, as required by the enterprise’s policies? And did we ensure that the license under which the libraries are made available is acceptable to the enterprise in question?

Figure 2: Lego block delivery pipeline

This is where the first pipeline (see Figure 2) comes into the picture, to make sure we create curated building blocks that can be used in the enterprise. The red cloud icon in the Lego block delivery pipeline represents the Internet repositories from which we pull the dependency libraries. The immediate quality gate checks for vulnerabilities and license compliance. Optionally, the library can be taken through the rest of the steps in the pipeline to build a hello world application and check for any additional issues at runtime. Finally, the library is certified and stored in an enterprise trusted binary repository, from which it is consumed for the actual application development.
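The quality gate described above can be sketched as a small policy check. This is an added example, not code from the original post: the policy values, report field names, Maven-style coordinates and finding IDs are all constructed, and a real pipeline would feed it the output of its own vulnerability and license scanners.

```python
from dataclasses import dataclass, field

# Constructed policy and scan reports; field names are assumptions, not a real scanner's schema.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Policy:
    max_severity: str = "medium"  # highest finding severity the enterprise accepts
    allowed_licenses: frozenset = frozenset({"Apache-2.0", "MIT", "BSD-3-Clause"})

@dataclass
class Decision:
    coordinate: str
    certified: bool
    reasons: list = field(default_factory=list)

def evaluate(report: dict, policy: Policy) -> Decision:
    """Run the vulnerability and license checks for one downloaded library."""
    reasons = []
    limit = SEVERITY_RANK[policy.max_severity]
    for finding in report.get("findings", []):
        severity = str(finding.get("severity", "")).lower()
        # Fail closed: an unrecognised severity label is ranked as critical.
        if SEVERITY_RANK.get(severity, 4) > limit:
            reasons.append(f"{finding.get('id', 'unknown')}: severity '{severity}' "
                           f"above '{policy.max_severity}'")
    license_id = report.get("license")
    if not license_id:
        reasons.append("no license declared")  # fail closed on missing metadata
    elif license_id not in policy.allowed_licenses:
        reasons.append(f"license '{license_id}' is not on the allowlist")
    return Decision(report["coordinate"], not reasons, reasons)

def curate(reports: list, policy: Policy) -> tuple:
    """Split scanned libraries into those to certify and those to reject."""
    decisions = [evaluate(r, policy) for r in reports]
    certified = [d.coordinate for d in decisions if d.certified]
    rejected = {d.coordinate: d.reasons for d in decisions if not d.certified}
    return certified, rejected

SAMPLE_REPORTS = [  # constructed inputs
    {"coordinate": "com.example:lib-a:1.0.0", "license": "Apache-2.0",
     "findings": [{"id": "EXAMPLE-0001", "severity": "low"}]},
    {"coordinate": "com.example:lib-b:2.3.1", "license": "MIT",
     "findings": [{"id": "EXAMPLE-0002", "severity": "Critical"}]},
    {"coordinate": "com.example:lib-c:0.9.0", "license": "GPL-3.0-only", "findings": []},
    {"coordinate": "com.example:lib-d:4.1.0", "findings": []},
]
```

Only the coordinates returned in the certified list would be published to the trusted binary repository; the rejection reasons give the requesting team something concrete to act on.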
