search menu icon-carat-right cmu-wordmark

Subject: Software and Information Assurance

Deploying the CERT Microcosm DevSecOps Pipeline using Docker-Compose and Kubernetes

Deploying the CERT Microcosm DevSecOps Pipeline using Docker-Compose and Kubernetes

• DevOps Blog
Shane Ficorilli

According to DevSecOps: Early, Everywhere, at Scale, a survey published by Sonatype, "Mature DevOps organizations are able to perform automated security analysis on each phase (design, develop, test) more often than non-DevOps organizations." Since DevOps enables strong collaboration and automation of the process and enforces traceability, mature DevOps organizations are more likely to perform automated security analysis than non DevOps organizations. My previous blog post, Microcosm: A Secure DevOps Pipeline as Code, helped address the...

Read More