DevSecOps Without Compromise

Oliver Milke (@OliverMilke) of Cloudogu (@Cloudogu) believes it is time to think differently about how to provision and operate a DevSecOps toolchain. He outlined his ideas and showed, step by step, how they could be implemented at the Nexus User Conference.


He noted that development teams often feel they have to choose between two options, for example between cloud software and on-premise software. Oliver asks, “Shouldn’t it be possible to have the best of both worlds?”

Best of Many Worlds

Oliver defines this cake-and-eat-it-too toolchain as:

  • A system you make AND buy;
  • A system on the cloud AND on-prem;
  • A system that supports a single vendor AND multi-vendor software;
  • A system that supports open source software centralization AND distribution software (depending on requirements).

Of these DevSecOps toolchain characteristics, what does your team need? Consider carefully and get input across disciplines. Teams must work collaboratively to create a managed state model that supports current and future needs.

Oliver makes some suggestions based on his work with Cloudogu. The Cloudogu EcoSystem is a platform that provides standardized architecture and automated cloud services for integrated toolchains. Sonatype’s Nexus IQ and Nexus Repository Manager are two tools baked into Cloudogu’s customizable dashboard.

Interestingly, the German government is one of Cloudogu’s biggest customers. This enables government departments to build digital-first, self-service portals for contractors and citizens.

Strengthen Your DevSecOps Toolchain

Toolchain Decoupling

Oliver recommends decoupling vendor toolsets. Don’t be afraid to connect competing products to experiment. Doing so has the potential for greater flexibility, scalability, and interconnectivity.

Ransomware Protection

Another important consideration is your ability to back up and restore work. “This is an often overlooked step,” reports Oliver. People forget that you must regularly test your data backups to ensure they can be restored.

When was the last time you (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Katie McCaskey. Read the original post at:
