DoD Enterprise DevSecOps Reference Design from the DoD CIO – A Summary Content referenced from: https://dodcio.defense.gov/Portals/0/Documents/DoD%20Enterprise%20DevSecOps%20Reference %20Design%20v1.0_Public%20Release 0_Public%20Release.pdf?ver=2019-09-26-115824-583 DevSecOps – Defined by DoD CIO DevSecOps is an organizational software engineering culture and practice that aims at unifying software development (Dev) characteristic of DevSecOps is to automate, monitor, and apply security at all phases of the software lifecycle: plan, develop, build, test, release, deliver, deploy, operate, and monitor. In DevSecOps, testing

founded on open source software and modern cloud-native practices. Along the way, they have kept DevSecOps as their top priority. To make this transformation possible, they leveraged the platform approach for development and monitoring. With RBAC, SSO, and Git’s version control, you can make core DevSecOps practices the norm without any added effort. Leverage Flagger and a service mesh tool to execute

into your CI/CD process brings in security earlier in the process. This methodology is known as DevSecOps [8.7]. Base Image Selection Base image selection is an important factor in security. It’s a lot com/en/resources/advanced-cluster-security-for- kubernetes-datasheet [8.7] https://developers.redhat.com/topics/devsecops/ [8.8] https://developers.redhat.com/blog/2021/04/13/how-to-pick-the-right- container-base-image