DEVSECOPS MANIFESTO

With DevSecOps, part of the architecture can be captured as code. Centralized configuration management and infrastructure as code are widely used. Even compliance and audit can and must be standardised in a structured language.

Structured languages that are used to configure databases, firewalls, servers, applications, or containers must be readable. Architectural standards are defined only once and evolve based on the needs of internal or external customers, and the code is automatically distributed and configured on all architectural components of a specific type. A high degree of automation is a critical parameter for security in agile environments. The DevSecOps toolkit provides a complete process for deploying, building and innovating systems in a controlled manner.

  • Interaction between people is a must.
  • Security must work as a business enabler.
  • The priority is to provide secure and functional software with added value for the customer.
  • IT and cyber security must work with development, risk and business people on a daily basis.
  • Changes are welcome because they allow teams to respond to new threats, risks and vulnerabilities.
  • Security is a priority for delivering high-quality software and architecture as code.
  • Security is a functional requirement.
  • Teams must share knowledge in information and cyber security for growth.
  • Overall maturity of the community results in a guild.
  • Automation and security coding is a long-term goal for architecture as code.
  • Security artefacts must be self-documented.
  • Automate what is possible.
  • Codify with machine and humans in mind. Codify Threat models, documentation, infrastructure and CI/CD.

Scaled learning must be a big part of the process. People exchange knowledge and learn about various fields like cloud, DevOps, infrastructure and software. Individuals develop an M-shaped knowledge base: expertise in at least two areas, connected with general knowledge and skills.