DevSecOps Reference Architectures
Derek E. Weeks
VP and DevOps Advocate
Sonatype
2018
About this collection
1. The reference architectures can be used to validate choices you have made or are planning to make.
2. They are curated from the community. You will notice a number of common elements that are used repeatedly.
3. Each image has a link to its original source in the speaker notes, enabling you to deep dive for more knowledge.
If you would like to have your reference architecture added to this deck, please send it to weeks@sonatype.com.
Integration Points and Degree of Automation
Integration points (columns): Design; Development (IDE); Repository Manager; CI/CD; Post-Deployment.
DevSecOps tooling (rows): Open source governance (open source software analysis); Static Application Security Testing (SAST); Dynamic Application Security Testing (DAST); Interactive Application Security Testing (IAST); Mobile Application Security Testing (MAST); Run-time Application Self Protection (RASP); Container and Infrastructure Security.
[Matrix cells: the degree-of-automation markers are graphics that did not survive text extraction. Only the "n/a" cells remain in the text: one each for open source governance, SAST and Container and Infrastructure Security; two for MAST; three each for DAST, IAST and RASP. Which integration point each "n/a" belongs to is not recoverable from the text.]
Legend: Degrees of DevSecOps Automation (graphic).
Source: Gartner, December 2017, Structuring Application Security Practices and Tools to Support DevOps and DevSecOps
Common Elements of a DevSecOps Pipeline
DevSecOps according to U.S. Dept of Defense/JIDO
Source: ADDO ‘17 “Governance and Transparency in GovSec DevOps: Leonel Garciga”
DevSecOps according to Magno Rodrigues
Source: Stefan Streichsbier, LinkedIn Slides “DevSecOps - The big picture”
DevSecOps according to Carnegie Mellon’s SEI
Source: Derek Weeks, DZone “From Water-Scrum-Fall to DevSecOps”
DevSecOps according to Jim Bird
Source: Jim Bird, O’Reilly “DevOpsSec: Securing Software through Continuous Delivery”
DevSecOps according to Larry Maccherone
Source: Larry Maccherone @Lmaccherone, Twitter “Annotated DevSecOps cycle”
DevSecOps according to Steve Springett
Source: Steve Springett, GitHub “Dependency-Track”
DevSecOps according to TeachEra
Source: Mohammad Imran, LinkedIn “Practical DevSecOps Course - Part 1”
Learn More From Your Peers
21 DevSecOps practitioners from leading enterprises shared their experiences and best practices. All 21 recordings are available for free at www.alldaydevops.com.
DevSecOps according to Coveros
Source: Alan Crouch, Coveros “Implementing the DevSecOps Process”
DevSecOps according to Aaron Weaver
Source: Stefan Streichsbier, LinkedIn “DevSecOps - The big picture”
DevSecOps according to Dr. Ravi Rajamiyer
Source: Dr. Ravi Rajamiyer, DevOps Summit Journal “When ‘IoC’ meets ‘SoC’”
DevSecOps according to ACROSEC
Source: Derek Weeks, Acrosec “Three important elements of Application Security: ‘Shift Left’, ‘Security by Design’ and ‘DevSecOps’”
DevSecOps according to Ranger4
Source: Helen Beal, LinkedIn “DevSecOps is it a Good Thing”
DevSecOps according to AWS (@IanMmmm)
Source: Ian Massingham, @IanMmmm, LinkedIn “Securing Systems at Cloud Scale with DevSecOps”
DevSecOps according to AWS
Source: Priyanka Aash, LinkedIn “DevSecOps in Baby Steps”
DevSecOps according to Accenture
Source: ADDO’17, YouTube “DevOps in Secure Environments: Strategies for Success: Dominic Delmolino”
DevSecOps according to Shine Solutions
Source: Archi Gunasekara, Shine Solutions “The Emergence of the Three Towers: DevSecOps”
DevSecOps according to Ellucian
Source: Mohammad Imran, LinkedIn “Practical DevSecOps Course - Part 1”
DevSecOps according to WhiteHat Security
Source: White Hat Security “Take Control Design a complete DevOps Program”
DevSecOps according to GSA
Source: Tech at GSA “Building DevSecOps Culture”
DevSecOps according to Sense of Security
Source: ADDO’17, YouTube “DevOps: A How-To for Agility with Security: Murray Goldschmidt”
We would love to add your DevSecOps reference architecture to this deck. How?
1. Send it to me (weeks@sonatype.com), with the subject line: DevSecOps reference architecture.
2. Provide a link to where people can find more information about the architecture (e.g., your blog, a video, a SlideShare deck).
3. I’ll add it to this deck with full attribution to you, and let you know that it’s been updated.
It’s that easy. We all learn with help from the community. Thank you for your contributions!
About the Author
Derek Weeks, VP and DevOps Advocate, Sonatype
Derek is a huge advocate of applying proven supply chain management principles to DevOps practices to improve efficiencies and sustain long-lasting competitive advantages. He currently serves as vice president and DevOps advocate at Sonatype, creators of the Nexus repository manager and the global leader in solutions for software supply chain automation. Derek is also the co-founder of All Day DevOps, an online community of 40,000 IT professionals, and the lead researcher behind the annual State of the Software Supply Chain report for the DevOps industry. In 2018, Derek was recognized by DevOps.com as the “Best DevOps Evangelist” for his work in the community.