top of page

DevSecOps

DevSecOps 

stands for development, security, and operations—automates the integration of security at every phase of the software development lifecycle, from initial design through integration, testing, deployment, and software delivery.  

Like DevOps, DevSecOps is as much about culture and shared responsibility as it is about any specific technology or technique. Also, like DevOps, the goals of DevSecOps are to release better software faster, and to detect and respond to software flaws in production faster and with more efficiency. 

Benefits

Cost Reduction is achieved by detecting and fixing security issues during the development phases. 

 

Speed of delivery is increased as security bottlenecks are minimized or eliminated. 

 

Immutable infrastructure improves overall security by reducing vulnerabilities and increasing code coverage and automation. 

Enhanced monitoring and auditing lead to improved threat hunting, which reduces the likelihood of a breach. 

 

Speed of recovery is enhanced in the case of a security incident by utilizing templates.  

 

DevSecOps fosters a culture of openness and transparency from the earliest stages of development. 

Project Impact 
FDA Foreign Inspection Planning and Scheduling System (FIPSS) 
HUD Quality Assurance and Integration and Configuration Services (QAICS) 
FEMA Data Exchange (FEMADex) 

Implemented end-to-end DevSecOps pipeline for containers at FDA OIMT. 

  • Containerization-as-a-Service (CaaS) using Kubernetes, reducing up-front cost, total cost of ownership, and time to release. 

  • CI/CD pipeline using Jenkins, promoting DevOps practices and continuous integration. 

Implemented DevSecOps to provide HUD with CI/CD services and infrastructure innovation.  

  • Implemented agency-wide CI/CD capability shared across 25+ projects with 200+ developers.   

  • Deploy new functionality within hours to the development, test, and production environment. 

Implemented DevSecOps to provide FEMA with CI/CD services for data analytics platform. 

  • Implemented automated workspace management to provision personal or team workspace on-demand suitable for analysts and scientists. 

bottom of page