Uploaded byEvinHernandez1
PDF, PPTX81 views

devsecops-reference-architectures-2018.pdf

This document provides a collection of reference architectures for DevSecOps practices curated from the DevSecOps community. It includes 13 reference architectures from industry practitioners and organizations like the Department of Defense, Carnegie Mellon's SEI, AWS, and WhiteHat Security. Each architecture image has a link to its original source for more information. The document advocates adding additional reference architectures from the community to this collection by sending them to the author.

Embed presentation

Download as PDF, PPTX
DevSecOps Reference Architectures Derek E. Weeks VP and DevOps Advocate Sonatype 2018
About this collection 1. The reference architectures can be used to validate choices you have made or are planning to make. 2. They are curated from the community. You will notice a number of common elements that are used repeatedly. 3. Each image has a link to its original source in the speaker notes, enabling you to deep dive for more knowledge. If you would like to have your reference architecture added to this deck, please send it to weeks@sonatype.com.
Integration Points and Degree of Automation DevSecOpsTooling Design Development (IDE) Repository Manager CI/CD Post-Deployment Open source governance Open source software analysis n/a Static Application Security Testing (SAST) n/a Dynamic Application Security Testing (DAST) n/a n/a n/a Interactive Application Security Testing (IAST) n/a n/a n/a Mobile Application Security Testing (MAST) n/a n/a Run-time Application Self Protection (RASP) n/a n/a n/a Container and Infrastructure Security n/a Source: Gartner, December 2017, Structuring Application Security Practices and Tools to Support DevOps and DevSecOps Degrees of DevSecOps Automation
Common Elements of a DevSecOps Pipeline
DevSecOps according to U.S. Dept of Defense/JIDO Source: ADDO ‘17 “Governance and Transparency in GovSec DevOps: Leonel Garciga”
DevSecOps according to Magno Rodrigues Source: Stefan Streichsbier Linked in Slides “DevSecOps - The big picture”
DevSecOps according to Carnegie Mellon’s SEI Source: Derek Weeks, DZone “From Water-Scrum-Fall to DevSecOps”
DevSecOps according to Jim Bird Source: Jim Bird, O’Reilly “DevOpsSec: Securing Software through Continuous Delivery”
DevSecOps according to Larry Maccherone Source: Larry Maccherone @Lmaccherone, Twitter “Annotated DevSecOps cycle”
DevSecOps according to Steve Springett Source: Steve Springett, GitHub “Dependency-Track”
DevSecOps according to TeachEra Source: Mohammad Imran, Linked in “Practical DevSecOps Course - Part 1”
Learn More From Your Peers 21 DevSecOps practitioners from leading enterprises to shared their experiences and best practices. All 21 recordings are available for free at www.alldaydevops.com.
DevSecOps according to Coveros Source: Alan Crouch, Coveros “Implementing the DevSecOps Process”
DevSecOps according to Aaron Weaver Source: Stefan Streichsbier Linked in “DevSecOps - The big picture”
DevSecOps according to Dr. Ravi Rajamiyer Source: Dr. Ravi Rajamiyer, DevOps Summit Journal “When “IoC” meets “SoC’”
DevSecOps according to ACROSEC Source: Derek Weeks, Acrosec “Three important elements of Application Security: "Shift Left", "Security by Design" and "DevSecOps’”
DevSecOps according to Ranger4 Source: Helen Beal, Linked in “DevSecOps is it a Good Thing”
DevSecOps according to AWS @IanMmmm Source: Ian Massingham, @IanMmmm, Linked In “Securing Systems at Cloud Scale with DevSecOps”
DevSecOps according to AWS Source: Priyanka Aash, Linked In “DevSecOps in Baby Steps”
DevSecOps according to Accenture Source: ADDO’17, YouTube “DevOps in Secure Environments: Strategies for Success: Dominic Delmolino”
DevSecOps according to Shine Solutions Source: Archi Gunasekara, Shine Solutions “The Emmergence of the three towers:DecSecOps”
DevSecOps according to Ellucian Source: Mohammad Imran, Linked in “Practical DevSecOps Course - Part 1”
DevSecOps according to WhiteHat Security Source: White Hat Security “Take Control Design a complete DevOps Program”
DevSecOps according to GSA Source: Tech at GSA “Building DevSecOps Culture”
DevSecOps according to Sense of Security Source: ADDO’17, Youtube “DevOps: A How-To for Agility with Security: Murray Goldschmidt”
We would love to add your DevSecOps reference architecture to this deck. How? 1. Send it to me (weeks@sonatype.com), with the subject line: DevSecOps reference architecture. 2. Provide me link as to where people can find more information about the architecture (e.g., your blog, a video, a SlideShare deck). 3. I’ll add it to this deck with full attribution to you, and let you know that it’s been updated. It’s that easy. We all learn with help from the community. Thank you for your contributions!
About the Author Derek Weeks VP and DevOps Advocate, Sonatype Derek is a huge advocate of applying proven supply chain management principles into DevOps practices to improve efficiencies and sustain long-lasting competitive advantages. He currently serves as vice president and DevOps advocate at Sonatype, creators of the Nexus repository manager and the global leader in solutions for software supply chain automation. Derek is also the co-founder of All Day DevOps -- an online community of 40,000 IT professionals, and the lead researcher behind the annual State of the Software Supply Chain report for the DevOps industry. In 2018, Derek was recognized by DevOps.com as the“Best DevOps Evangelist”for his work in the community.
devsecops-reference-architectures-2018.pdf

More Related Content

PPTX
DevSecOps reference architectures 2018
bySonatype
 
PDF
2019 DevSecOps Reference Architectures
bySonatype
 
PDF
DevSecOps Automation for Product Security
byITTSTAR Consulting, LLC.
 
PDF
From DevOps to DevSecOps: Evolution of Secure Software Development
byScalaCode
 
PDF
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
 
PDF
Understanding DevSecOps.pdf
byCiente
 
PDF
Complete DevSecOps handbook_ Key differences, tools, benefits & best practice...
bymohitd6
 
PDF
Security at the Speed of Software Development
byDevOps.com
 
DevSecOps reference architectures 2018
bySonatype
 
2019 DevSecOps Reference Architectures
bySonatype
 
DevSecOps Automation for Product Security
byITTSTAR Consulting, LLC.
 
From DevOps to DevSecOps: Evolution of Secure Software Development
byScalaCode
 
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
 
Understanding DevSecOps.pdf
byCiente
 
Complete DevSecOps handbook_ Key differences, tools, benefits & best practice...
bymohitd6
 
Security at the Speed of Software Development
byDevOps.com
 

Similar to devsecops-reference-architectures-2018.pdf

PPTX
Introduction to DevSecOps
byabhimanyubhogwan
 
PPTX
What is devsecops and what is the characteristics of it
byamalsalah25
 
PDF
DevSecOps - Background, Status and Future Challenges
bydsc71656
 
PDF
Pentest is yesterday, DevSecOps is tomorrow
byAmien Harisen Rosyandino
 
PPTX
DevSecOps Powerpoint Presentation for Students
bypoonawala2303
 
PDF
Introduction to DevSecOps
bySetu Parimi
 
PPTX
DevSecOps Best Practices-Safeguarding Your Digital Landscape
bystevecooper930744
 
PDF
DevSecOps - The big picture
byDevSecOpsSg
 
PDF
DevSecOps - The big picture
byStefan Streichsbier
 
PDF
_How DevSecOps Is Transforming Software Security in Modern Development (1).pdf
byDevseccops.ai
 
PDF
_How DevSecOps Is Transforming Software Security in Modern Development.pdf
byDevseccops.ai
 
PDF
How DevOps Improves Security DevSecOps Explained.pdf
byhimanshuwowit
 
PDF
DevSecOps as a Service_ Secure Your Software Pipeline Without Slowing It Down...
byDevseccops.ai
 
PDF
Scale security for a dollar or less
byMohammed A. Imran
 
PDF
Enterprise Devsecops
byEnov8
 
PDF
DevSecOps Implement Making Security Central to Your DevOps Pipeline
byEnov8
 
DOCX
DevSecOps - offpage blog final draft - 03.docx
bySun Technologies
 
PPTX
State of DevSecOps - DevSecOpsDays 2019
byStefan Streichsbier
 
PPTX
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
byDevSecCon
 
PDF
Devsecops – Aerin IT Services
byAerin IT Services
 
Introduction to DevSecOps
byabhimanyubhogwan
 
What is devsecops and what is the characteristics of it
byamalsalah25
 
DevSecOps - Background, Status and Future Challenges
bydsc71656
 
Pentest is yesterday, DevSecOps is tomorrow
byAmien Harisen Rosyandino
 
DevSecOps Powerpoint Presentation for Students
bypoonawala2303
 
Introduction to DevSecOps
bySetu Parimi
 
DevSecOps Best Practices-Safeguarding Your Digital Landscape
bystevecooper930744
 
DevSecOps - The big picture
byDevSecOpsSg
 
DevSecOps - The big picture
byStefan Streichsbier
 
_How DevSecOps Is Transforming Software Security in Modern Development (1).pdf
byDevseccops.ai
 
_How DevSecOps Is Transforming Software Security in Modern Development.pdf
byDevseccops.ai
 
How DevOps Improves Security DevSecOps Explained.pdf
byhimanshuwowit
 
DevSecOps as a Service_ Secure Your Software Pipeline Without Slowing It Down...
byDevseccops.ai
 
Scale security for a dollar or less
byMohammed A. Imran
 
Enterprise Devsecops
byEnov8
 
DevSecOps Implement Making Security Central to Your DevOps Pipeline
byEnov8
 
DevSecOps - offpage blog final draft - 03.docx
bySun Technologies
 
State of DevSecOps - DevSecOpsDays 2019
byStefan Streichsbier
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
byDevSecCon
 
Devsecops – Aerin IT Services
byAerin IT Services
 

Recently uploaded

PPTX
EcoSath Hackathon Final Presentation Based on ESG Data
byshashirwr2016
 
PDF
Introduction CC-Cloud Architecture and Models by Dr. K. Adisesha
byAdiseshaK
 
PDF
Introduction to Cloud Computing-Cloud Security by Dr. K. Adisesha
byAdiseshaK
 
PDF
Unit 1: Introduction Cloud Computing-PPT by Dr. K.Adisesha
byAdiseshaK
 
PPTX
Beyond SAP: Domain-Specific SaaS for Maintenance 4.0 | MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
PPTX
Develop and Implement a Maintenance Competency Plan | Build Skilled, Reliable...
byMaintWiz Technologies Private Limited
 
PPTX
Importance of Management of Change | MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
PDF
2025 MediaEval Medico Organizer Presentation
bySushant Gautam
 
PDF
Step by Step Guide to OVERHAULING GENERATORS on Ships
byMahmoud Moghtaderi
 
PPTX
19ECX25-CAD for VLSI Circuits Unit-1.pptx
bytamil arasan
 
PDF
Operating System Concepts-Memory Management by Dr. K. Adisesha
byAdiseshaK
 
PPTX
Trade Secret.pptx (Trade Secret.pptx.pptx)
byganeshchalla7
 
PDF
AI-DRIVEN CTI FOR BUSINESS: EMERGING THREATS, ATTACK STRATEGIES, AND DEFENSIV...
byAIRCC Publishing Corporation
 
PDF
A Guide to Boiler Construction and Design
byMahmoud Moghtaderi
 
PDF
Meraki Cloud Management and Monitoring for Catalyst - Cisco Certificate
byVICTOR MAESTRE RAMIREZ
 
PDF
Resonating 25 years of service- 1988 exam batch.pdf
byRajesh Prasad
 
PDF
Impact of Different Curing Techniques in Evaluating the Strength of the Rolle...
byAbdullah Al-Ani
 
PDF
Unit - III Analysis of Pin Jointed Plane Trusses / Frames
bynmmorkane
 
PPTX
EARTHWORM DIGESTIVE SYSTEM by a student.pptx
byGabPeralta2
 
PDF
EFFECT OF ULTRAVIOLET RADIATION ON STRUCTURAL PROPERTIES OF NANOWIRES
byijoejnl
 
EcoSath Hackathon Final Presentation Based on ESG Data
byshashirwr2016
 
Introduction CC-Cloud Architecture and Models by Dr. K. Adisesha
byAdiseshaK
 
Introduction to Cloud Computing-Cloud Security by Dr. K. Adisesha
byAdiseshaK
 
Unit 1: Introduction Cloud Computing-PPT by Dr. K.Adisesha
byAdiseshaK
 
Beyond SAP: Domain-Specific SaaS for Maintenance 4.0 | MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
Develop and Implement a Maintenance Competency Plan | Build Skilled, Reliable...
byMaintWiz Technologies Private Limited
 
Importance of Management of Change | MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
2025 MediaEval Medico Organizer Presentation
bySushant Gautam
 
Step by Step Guide to OVERHAULING GENERATORS on Ships
byMahmoud Moghtaderi
 
19ECX25-CAD for VLSI Circuits Unit-1.pptx
bytamil arasan
 
Operating System Concepts-Memory Management by Dr. K. Adisesha
byAdiseshaK
 
Trade Secret.pptx (Trade Secret.pptx.pptx)
byganeshchalla7
 
AI-DRIVEN CTI FOR BUSINESS: EMERGING THREATS, ATTACK STRATEGIES, AND DEFENSIV...
byAIRCC Publishing Corporation
 
A Guide to Boiler Construction and Design
byMahmoud Moghtaderi
 
Meraki Cloud Management and Monitoring for Catalyst - Cisco Certificate
byVICTOR MAESTRE RAMIREZ
 
Resonating 25 years of service- 1988 exam batch.pdf
byRajesh Prasad
 
Impact of Different Curing Techniques in Evaluating the Strength of the Rolle...
byAbdullah Al-Ani
 
Unit - III Analysis of Pin Jointed Plane Trusses / Frames
bynmmorkane
 
EARTHWORM DIGESTIVE SYSTEM by a student.pptx
byGabPeralta2
 
EFFECT OF ULTRAVIOLET RADIATION ON STRUCTURAL PROPERTIES OF NANOWIRES
byijoejnl
 

devsecops-reference-architectures-2018.pdf

  • 1.
    DevSecOps Reference Architectures Derek E.Weeks VP and DevOps Advocate Sonatype 2018
  • 2.
    About this collection 1. Thereference architectures can be used to validate choices you have made or are planning to make. 2. They are curated from the community. You will notice a number of common elements that are used repeatedly. 3. Each image has a link to its original source in the speaker notes, enabling you to deep dive for more knowledge. If you would like to have your reference architecture added to this deck, please send it to [email protected].
  • 3.
    Integration Points andDegree of Automation DevSecOpsTooling Design Development (IDE) Repository Manager CI/CD Post-Deployment Open source governance Open source software analysis n/a Static Application Security Testing (SAST) n/a Dynamic Application Security Testing (DAST) n/a n/a n/a Interactive Application Security Testing (IAST) n/a n/a n/a Mobile Application Security Testing (MAST) n/a n/a Run-time Application Self Protection (RASP) n/a n/a n/a Container and Infrastructure Security n/a Source: Gartner, December 2017, Structuring Application Security Practices and Tools to Support DevOps and DevSecOps Degrees of DevSecOps Automation
  • 4.
    Common Elements ofa DevSecOps Pipeline
  • 5.
    DevSecOps according toU.S. Dept of Defense/JIDO Source: ADDO ‘17 “Governance and Transparency in GovSec DevOps: Leonel Garciga”
  • 6.
    DevSecOps according toMagno Rodrigues Source: Stefan Streichsbier Linked in Slides “DevSecOps - The big picture”
  • 7.
    DevSecOps according toCarnegie Mellon’s SEI Source: Derek Weeks, DZone “From Water-Scrum-Fall to DevSecOps”
  • 8.
    DevSecOps according to Jim Bird Source:Jim Bird, O’Reilly “DevOpsSec: Securing Software through Continuous Delivery”
  • 9.
    DevSecOps according toLarry Maccherone Source: Larry Maccherone @Lmaccherone, Twitter “Annotated DevSecOps cycle”
  • 10.
    DevSecOps according toSteve Springett Source: Steve Springett, GitHub “Dependency-Track”
  • 11.
    DevSecOps according toTeachEra Source: Mohammad Imran, Linked in “Practical DevSecOps Course - Part 1”
  • 12.
    Learn More From Your Peers 21DevSecOps practitioners from leading enterprises to shared their experiences and best practices. All 21 recordings are available for free at www.alldaydevops.com.
  • 13.
    DevSecOps according toCoveros Source: Alan Crouch, Coveros “Implementing the DevSecOps Process”
  • 14.
    DevSecOps according toAaron Weaver Source: Stefan Streichsbier Linked in “DevSecOps - The big picture”
  • 15.
    DevSecOps according toDr. Ravi Rajamiyer Source: Dr. Ravi Rajamiyer, DevOps Summit Journal “When “IoC” meets “SoC’”
  • 16.
    DevSecOps according toACROSEC Source: Derek Weeks, Acrosec “Three important elements of Application Security: "Shift Left", "Security by Design" and "DevSecOps’”
  • 17.
    DevSecOps according toRanger4 Source: Helen Beal, Linked in “DevSecOps is it a Good Thing”
  • 18.
    DevSecOps according toAWS @IanMmmm Source: Ian Massingham, @IanMmmm, Linked In “Securing Systems at Cloud Scale with DevSecOps”
  • 19.
    DevSecOps according toAWS Source: Priyanka Aash, Linked In “DevSecOps in Baby Steps”
  • 20.
    DevSecOps according toAccenture Source: ADDO’17, YouTube “DevOps in Secure Environments: Strategies for Success: Dominic Delmolino”
  • 21.
    DevSecOps according toShine Solutions Source: Archi Gunasekara, Shine Solutions “The Emmergence of the three towers:DecSecOps”
  • 22.
    DevSecOps according toEllucian Source: Mohammad Imran, Linked in “Practical DevSecOps Course - Part 1”
  • 23.
    DevSecOps according toWhiteHat Security Source: White Hat Security “Take Control Design a complete DevOps Program”
  • 24.
    DevSecOps according toGSA Source: Tech at GSA “Building DevSecOps Culture”
  • 25.
    DevSecOps according toSense of Security Source: ADDO’17, Youtube “DevOps: A How-To for Agility with Security: Murray Goldschmidt”
  • 26.
    We would loveto add your DevSecOps reference architecture to this deck. How? 1. Send it to me ([email protected]), with the subject line: DevSecOps reference architecture. 2. Provide me link as to where people can find more information about the architecture (e.g., your blog, a video, a SlideShare deck). 3. I’ll add it to this deck with full attribution to you, and let you know that it’s been updated. It’s that easy. We all learn with help from the community. Thank you for your contributions!
  • 27.
    About the Author Derek Weeks VPand DevOps Advocate, Sonatype Derek is a huge advocate of applying proven supply chain management principles into DevOps practices to improve efficiencies and sustain long-lasting competitive advantages. He currently serves as vice president and DevOps advocate at Sonatype, creators of the Nexus repository manager and the global leader in solutions for software supply chain automation. Derek is also the co-founder of All Day DevOps -- an online community of 40,000 IT professionals, and the lead researcher behind the annual State of the Software Supply Chain report for the DevOps industry. In 2018, Derek was recognized by DevOps.com as the“Best DevOps Evangelist”for his work in the community.