Blog Posts
Extending Agile and DevSecOps to Improve Efforts Tangential to Software Product Development
The modern software engineering practices of Agile and DevSecOps have revolutionized the practice of software engineering. This blog post explores use of these practices in capability delivery and business mission.
• By David Sweeney, Lyndsi A. Hughes
In DevSecOps
5 Challenges to Implementing DevSecOps and How to Overcome Them
The shift from project- to program-level thinking raises numerous challenges to DevSecOps implementation. This SEI Blog post articulates these challenges and ways to overcome them.
• By Joe Yankel, Hasan Yasar
In DevSecOps
Actionable Data from the DevSecOps Pipeline
In this blog post, we explore decisions that program managers make and information they need to confidently make decisions with data from DevSecOps pipelines.
• By Bill Nichols, Julie B. Cohen
In DevSecOps
Writing Ansible Roles with Confidence
How do you write Ansible roles in a way where you can be confident your role works as intended? This post provides guidance on how to best begin developing Ansible …
• By Matthew Heckathorn
In DevSecOps
A Technical DevSecOps Adoption Framework
This blog post describes our new DevSecOps adoption framework that guides the planning and implementation of a roadmap to functional CI/CD pipeline capabilities.
• By Vanessa B. Jackson, Lyndsi A. Hughes
In DevSecOps
Combining Security and Velocity in a Continuous-Integration Pipeline for Large Teams
This post explores how one team managed—and eventually resolved—the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps practices.
• By Alejandro Gomez
In DevSecOps
Modeling DevSecOps to Protect the Pipeline
This blog post presents a DevSecOps Platform-Independent Model that uses model based system engineering constructs to formalize the practices of DevSecOps pipelines and organize guidance.
• By Timothy A. Chick, Joe Yankel
In DevSecOps
From Model-Based Systems and Software Engineering to ModDevOps
Introduction to ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) technology
• By Jerome Hugues, Joe Yankel
In DevSecOps
The Role of DevSecOps in Continuous Authority to Operate
DevSecOps favors rapid development and deployment. Such rapid development and deployment must be balanced against the need to ensure software systems are secure with minimal risk, thus enabling them to …
• By Tom Scanlon
In DevSecOps
Taking DevSecOps to the Next Level with Value Stream Mapping
This post explores the relationship between DevSecOps and value stream mapping, both of which are rooted in the Lean approach to systems and workflow. It also provides guidance on preparing …
• By Nanette Brown
In DevSecOps
