DevSecOps reference architectures 2018

Download as PPTX, PDF

29 likes10,542 views

The document presents a collection of DevSecOps reference architectures intended to validate users' choices in DevSecOps practices, curated from the community with common elements highlighted. It includes links to original sources for deeper insights and encourages contributions from practitioners to enhance the resource. The document emphasizes community learning and provides guidance on how to submit additional architectures.

Software

DevSecOps reference architectures 2018

1. DevSecOps Reference Architectures Derek E. Weeks VP and DevOps Advocate Sonatype 2018

2. About this collection 1. The reference architectures can be used to validate choices you have made or are planning to make. 2. They are curated from the community. You will notice a number of common elements that are used repeatedly. 3. Each image has a link to its original source in the speaker notes, enabling you to deep dive for more knowledge. If you would like to have your reference architecture added to this deck, please send it to [email protected].

3. Integration Points and Degree of Automation DevSecOpsTooling Design Development (IDE) Repository Manager CI/CD Post-Deployment Open source governance Open source software analysis n/a Static Application Security Testing (SAST) n/a Dynamic Application Security Testing (DAST) n/a n/a n/a Interactive Application Security Testing (IAST) n/a n/a n/a Mobile Application Security Testing (MAST) n/a n/a Run-time Application Self Protection (RASP) n/a n/a n/a Container and Infrastructure Security n/a Source: Gartner, December 2017, Structuring Application Security Practices and Tools to Support DevOps and DevSecOps Degrees of DevSecOp s Automatio n

4. Common Elements of a DevSecOps Pipeline

5. DevSecOps according to U.S. Dept of Defense/JIDO

6. DevSecOps according to Magno Rodrigues

7. DevSecOps according to Carnegie Mellon’s SEI

8. DevSecOps according to Jim Bird

9. DevSecOps according to Larry Maccherone

10. DevSecOps according to Steve Springett

11. DevSecOps according to TeachEra

12. Learn More From Your Peers 21 DevSecOps practitioners from leading enterprises to shared their experiences and best practices. All 21 recordings are available for free at www.alldaydevops.com.

13. DevSecOps according to Coveros

14. DevSecOps according to Aaron Weaver

15. DevSecOps according to Dr. Ravi Rajamiyer

16. DevSecOps according to ACROSEC

17. DevSecOps according to Ranger4

18. DevSecOps according to AWS @IanMmmm

19. DevSecOps according to AWS

20. DevSecOps according to Accenture

21. DevSecOps according to Shine Solutions

22. DevSecOps according to Ellucian

23. DevSecOps according to WhiteHat Security

24. DevSecOps according to GSA https://tech.gsa.gov/guides/building_devsecops_culture/

25. DevSecOps according to Sense of Security

26. We would love to add your DevSecOps reference architecture to this deck. How? 1. Send it to me ([email protected]), with the subject line: DevSecOps reference architecture. 2. Provide me link as to where people can find more information about the architecture (e.g., your blog, a video, a SlideShare deck). 3. I’ll add it to this deck with full attribution to you, and let you know that it’s been updated. It’s that easy. We all learn with help from the community. Thank you for your contributions!

Editor's Notes

#2: DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#3: DevOps 2018
#4: DevOps 2018
#5: DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#6: https://www.youtube.com/watch?v=LNL5J6gIkv0 DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#7: https://www.slideshare.net/StefanStreichsbier/devsecops-the-big-picture-66944652?qid=c3898139-ccc1-414e-8924-210428f93ba6&v=&b=&from_search=25 DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#8: https://dzone.com/articles/from-water-scrum-fall-to-devsecops DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#9: http://www.oreilly.com/webops-perf/free/devopssec.csp DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#10: https://twitter.com/LMaccherone/status/843644744538427392 DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#11: https://github.com/stevespringett/dependency-track DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#12: https://www.slideshare.net/secfigo/practical-devsecops-course-part-1-82334619?qid=c3898139-ccc1-414e-8924-210428f93ba6&v=&b=&from_search=7 DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#13: DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#14: https://www.coveros.com/implementing-devsecops-process/ DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#15: https://www.slideshare.net/StefanStreichsbier/devsecops-the-big-picture-66944652?qid=c3898139-ccc1-414e-8924-210428f93ba6&v=&b=&from_search=25 DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#16: http://devops.sys-con.com/node/4151782 DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#17: https://www.acrosec.jp/qwertz/wp-content/uploads/2018/01/A1_Acrosec_Application_Security_Shift_Left_Security-by-Design_DevSecOps_V1.2.19_english.pdf DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#18: https://www.slideshare.net/DevOpstastic/devsecops-is-it-a-good-thing DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#19: https://www.slideshare.net/AmazonWebServices/securing-systems-at-cloud-scale-with-devsecops DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#20: https://www.slideshare.net/cisoplatform7/devsecops-in-baby-steps-59371055 DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#21: https://www.youtube.com/watch?v=Vkn4oIIjyDs DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#22: https://shinesolutions.com/2016/05/13/the-emergence-of-the-3-towers-devsecops/ DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#23: https://www.slideshare.net/secfigo/practical-devsecops-course-part-1-82334619?qid=c3898139-ccc1-414e-8924-210428f93ba6&v=&b=&from_search=7 DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#24: https://www.slideshare.net/DevOpsWebinars/take-control-design-a-complete-devsecops-program-82918313?from_action=save DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#25: https://tech.gsa.gov/guides/building_devsecops_culture/ DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#26: https://www.youtube.com/watch?v=YVa8Bn9CRK8 DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix DevOps 2018
#27: DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix

DevSecOps reference architectures 2018

More Related Content

What's hot (20)

Similar to DevSecOps reference architectures 2018 (20)

More from Sonatype (20)

Recently uploaded (20)

DevSecOps reference architectures 2018

Editor's Notes