Get the Latest DevSecOps Reference Architecture

Since releasing the DevSecOps Reference Architecture last year, I’ve received a ton of feedback from the community. I took the feedback and spent some time over the past several months updating the architecture to roll in some of the suggestions. I’m happy to say that I finished a new version of the reference architecture and it’s now available for download here.

Evolution of Ideas

Before discussing changes in the architecture, I need to point out that this diagram isn’t a prescription for every organization on what they need to do to succeed in the adoption of DevSecOps practices. It should be considered a possibility diagram showing what kind of security controls we can put in a development pipeline and where they should ideally sit to enable flow. No matter what kind of reference architecture you look at when planning your pipelines, you’ll never find one that matches your business or technical requirements exactly. This is because your products are your products, your developers are your developers, and your business requirements are your business requirements.

There have been various changes to the reference architecture since it was first released. In addition to suggesting new open source tools and other third-party applications that can be used in the DevSecOps tool chain, there are three major changes in this version.

Don’t Stop Learning

The first change is the addition of a continuous education track. Continuous education is pivotal in the success of any team adopting DevSecOps practices. It’s essential to provide people with instructor-led training, computer-based training, reference architectures, and other learning material in order to keep innovating and experimenting on a day-to-day basis. This new track spans the entire length of the pipeline, all the way from an idea and into production (and beyond).

I Forgot My Phone

I forgot mobile (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by DJ Schleen. Read the original post at:

DJ Schleen

DJ is a seasoned DevSecOps advocate at Sonatype and provides thought leadership to organizations looking to integrate security into their DevOps practices. He comes from a practitioner background and specializes in architecting DevSecOps pipelines, automating security in DevOps environments, and breaking down organizational silos that inhibit the delivery of safer software. DJ has worked to streamline development pipelines and practices for many Fortune 100 organizations by focusing on culture and technique. He uses this expertise to surface the right technology to serve business goals and support outcomes. He is an international speaker, blogger, instructor and author in the DevSecOps community where he encourages organizations to deeply integrate a culture of security and trust into their core values and product development journey.