Improving DevSecOps at the GSA

The U.S. General Services Administration has a number of roles in the U.S. government. For instance, the GSA is the world’s largest landlord. It administers all of the civilian federal government buildings.

Lesser known is GSA’s stated mission:

“Improve the way federal agencies buy, build and use technology. We will lead the charge to modernize government’s approach to technology products and services. We will guide agencies through innovative and efficient technology deployment to meet their missions and fulfill the needs of Americans in a rapidly evolving and complex world.”

This brings us to DevOps and the U.S. government.

Navin Vembar was GSA’s CTO when he spoke at the All Day DevOps conference about the agency’s journey to DevOps. The GSA is leading the government’s transition to more industry-standard software development methods and practices.

For example, the GSA uses APIs, flexible contracting tools, and open source components. The agency is well-versed in Agile and DevOps practices, too. The GSA also offers intra-agency consulting through 18F, to streamline development. 

GSA is one place in government that encourages experimentation with new technology and processes.

However, modernizing is a work-in-progress. Individual programs adopt technology, processes, and culture in pieces. Other agency programs use more traditional approaches to software delivery, ranging from how they plan to how they capture needs and requirements. The conglomerate nature of the GSA means that different business lines and internal leadership do not always share the same approaches with technology.

As CTO, Navin wanted to set a “new normal” for collaboration using DevOps across the organization. To start, he needed to find an agency level baseline so they could measure progress. So they set out to find out what the DevOps maturity was at the GSA. Next, they wanted to find the successes and (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Derek Weeks. Read the original post at: https://blog.sonatype.com/improving-devsecops-at-the-gsa