SEI Blog | DevSecOpshttps://insights.sei.cmu.edu/feeds/topic/devsecops/atom/?utm_source=blog&utm_medium=rss2024-03-11T00:00:00-04:00Updates on changes and additions to the SEI Blog for posts matching DevSecOpsExample Case: Using DevSecOps to Redefine Minimum Viable Product2024-03-11T00:00:00-04:002024-03-11T00:00:00-04:00Joe Yankelhttps://insights.sei.cmu.edu/blog/example-case-using-devsecops-to-redefine-minimum-viable-product/This SEI blog post, authored by SEI interns, describes their work on a microservices-based software application, an accompanying DevSecOps pipeline, and an expansion of the concept of minimum viable product to minimum viable process.Acquisition Archetypes Seen in the Wild, DevSecOps Edition: Clinging to the Old Ways2023-12-18T00:00:00-05:002023-12-18T00:00:00-05:00William Novakhttps://insights.sei.cmu.edu/blog/acquisition-archetypes-seen-in-the-wild-devsecops-edition-clinging-to-the-old-ways/This SEI blog post draws on SEI experiences conducting independent technical assessments to examine problems common to disparate acquisition programs. It also provides recommendations for recovering from these problems and preventing them from recurring.Extending Agile and DevSecOps to Improve Efforts Tangential to Software Product Development2023-08-07T00:00:00-04:002023-08-07T00:00:00-04:00David Sweeney, Lyndsi Hugheshttps://insights.sei.cmu.edu/blog/extending-agile-and-devsecops-to-improve-efforts-tangential-to-software-product-development/The modern software engineering practices of Agile and DevSecOps have revolutionized the practice of software engineering. This blog post explores use of these practices in capability delivery and business mission.5 Challenges to Implementing DevSecOps and How to Overcome Them2023-06-12T00:00:00-04:002023-06-12T00:00:00-04:00Joe Yankel, Hasan Yasarhttps://insights.sei.cmu.edu/blog/5-challenges-to-implementing-devsecops-and-how-to-overcome-them/The shift from project- to program-level thinking raises numerous challenges to DevSecOps implementation. This SEI Blog post articulates these challenges and ways to overcome them.Actionable Data from the DevSecOps Pipeline2023-05-01T00:00:00-04:002023-05-01T00:00:00-04:00Bill Nichols, Julie Cohenhttps://insights.sei.cmu.edu/blog/actionable-data-from-the-devsecops-pipeline/In this blog post, we explore decisions that program managers make and information they need to confidently make decisions with data from DevSecOps pipelines.Writing Ansible Roles with Confidence2022-11-07T00:00:00-05:002022-11-07T00:00:00-05:00Matthew Heckathornhttps://insights.sei.cmu.edu/blog/writing-ansible-roles-with-confidence/How do you write Ansible roles in a way where you can be confident your role works as intended? This post provides guidance on how to best begin developing Ansible roles.A Technical DevSecOps Adoption Framework2022-10-24T00:00:00-04:002022-10-24T00:00:00-04:00Vanessa Jackson, Lyndsi Hugheshttps://insights.sei.cmu.edu/blog/a-technical-devsecops-adoption-framework/This blog post describes our new DevSecOps adoption framework that guides the planning and implementation of a roadmap to functional CI/CD pipeline capabilities.Combining Security and Velocity in a Continuous-Integration Pipeline for Large Teams2022-07-11T00:00:00-04:002022-07-11T00:00:00-04:00Alejandro Gomezhttps://insights.sei.cmu.edu/blog/combining-security-and-velocity-in-a-continuous-integration-pipeline-for-large-teams/This post explores how one team managed—and eventually resolved—the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps practices.Modeling DevSecOps to Protect the Pipeline2022-06-13T00:00:00-04:002022-06-13T00:00:00-04:00Timothy Chick, Joe Yankelhttps://insights.sei.cmu.edu/blog/modeling-devsecops-to-protect-the-pipeline/This blog post presents a DevSecOps Platform-Independent Model that uses model based system engineering constructs to formalize the practices of DevSecOps pipelines and organize guidance.From Model-Based Systems and Software Engineering to ModDevOps2021-11-22T00:00:00-05:002021-11-22T00:00:00-05:00Jerome Hugues, Joe Yankelhttps://insights.sei.cmu.edu/blog/from-model-based-systems-and-software-engineering-to-moddevops/Introduction to ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) technologyThe Role of DevSecOps in Continuous Authority to Operate2021-10-04T00:00:00-04:002021-10-04T00:00:00-04:00Tom Scanlonhttps://insights.sei.cmu.edu/blog/the-role-of-devsecops-in-continuous-authority-to-operate/DevSecOps favors rapid development and deployment. Such rapid development and deployment must be balanced against the need to ensure software systems are secure with minimal risk, thus enabling them to receive timely ATOs and continuous ATOs.Taking DevSecOps to the Next Level with Value Stream Mapping2021-05-24T00:00:00-04:002021-05-24T00:00:00-04:00Nanette Brownhttps://insights.sei.cmu.edu/blog/taking-devsecops-to-the-next-level-with-value-stream-mapping/This post explores the relationship between DevSecOps and value stream mapping, both of which are rooted in the Lean approach to systems and workflow. It also provides guidance on preparing to conduct value stream mapping within a software-intensive product development environment.Aligning DevSecOps and Machine Learning2021-05-03T00:00:00-04:002021-05-03T00:00:00-04:00Luiz Antuneshttps://insights.sei.cmu.edu/blog/aligning-devsecops-and-machine-learning/Luiz Antunes explores the machine learning (ML) and DevSecOps domains and proposes ways to use them in collaboration for increased performance.The Current State of DevSecOps Metrics2021-03-29T00:00:00-04:002021-03-29T00:00:00-04:00Bill Nicholshttps://insights.sei.cmu.edu/blog/the-current-state-of-devsecops-metrics/DevSecOps practices yield useful, valuable information about software performance that is likely to lead to innovations in software engineering metrics.Comparing DevSecOps and Systems Engineering Principles2021-03-15T00:00:00-04:002021-03-15T00:00:00-04:00Richard Turnerhttps://insights.sei.cmu.edu/blog/comparing-devsecops-and-systems-engineering-principles/This SEI Blog post compares and contrasts DevSecOps and Systems Engineering Body of Knowledge (SEBoK), discussing their shared goals and areas of divergence.A Framework for DevSecOps Evolution and Achieving Continuous-Integration/Continuous-Delivery (CI/CD) Capabilities2021-02-15T00:00:00-05:002021-02-15T00:00:00-05:00Lyndsi Hughes, Vanessa Jacksonhttps://insights.sei.cmu.edu/blog/a-framework-for-devsecops-evolution-and-achieving-continuous-integrationcontinuous-delivery-cicd-capabilities/Implementing a development environment with continuous-integration and continuous-delivery (CI/CD) pipeline capabilities and DevSecOps practices can be challenging. Here's how to avoid incomplete adoption or ineffective implementation.What Is Digital Engineering and How Is It Related to DevSecOps?2020-11-16T00:00:00-05:002020-11-16T00:00:00-05:00David Shepard, Julia Scherbhttps://insights.sei.cmu.edu/blog/what-digital-engineering-and-how-it-related-devsecops/Discover how Digital Engineering intersects with DevSecOps in this informative SEI Blog article.Migrating Applications to Kubernetes2020-08-10T00:00:00-04:002020-08-10T00:00:00-04:00Richard Laughlinhttps://insights.sei.cmu.edu/blog/migrating-applications-to-kubernetes/This SEI Blog post offers a process for Kubernetes migration planning by asking relevant questions, considering differences in cloud-native architectures.Evaluating the Post Assessment DevOps Posture: Eighth in a Series2020-07-14T00:00:00-04:002020-07-14T00:00:00-04:00Jose Moraleshttps://insights.sei.cmu.edu/blog/evaluating-post-assessment-devops-posture-eighth-series/In an ideal scenario, organizations that complete a DevOps assessment will implement all of the assessment's recommendations to improve their software development lifecycle (SDLC)....Writing and Delivering the Final DevOps Assessment Report: Seventh in a Series2020-06-16T00:00:00-04:002020-06-16T00:00:00-04:00Jose Moraleshttps://insights.sei.cmu.edu/blog/writing-and-delivering-final-devops-assessment-report-seventh-series/The time has come for the final step of the DevOps Assessment: the final report. Now is your chance to document all your findings, recommendations, and related material....