Seu SlideShare está sendo baixado. ×

DevSecOps reference architectures 2018

•

01 de Fev de 2018

• •

Anúncio

Anúncio

Anúncio

Anúncio

Anúncio

Anúncio

Anúncio

Anúncio

Anúncio

Anúncio

Anúncio

Anúncio

DevSecOps
Reference Architectures
Derek E. Weeks
VP and DevOps Advocate
Sonatype
2018

About this
collection
1. The reference architectures can be used to validate choices you have made or
are planning to make...

Integration Points and Degree of Automation
DevSecOpsTooling Design Development (IDE) Repository
Manager
CI/CD Post-Deploy...

Common Elements of a DevSecOps Pipeline

DevSecOps according to U.S. Dept of Defense/JIDO

DevSecOps according to Magno Rodrigues

DevSecOps according to Carnegie Mellon’s
SEI

DevSecOps
according to
Jim Bird

DevSecOps according to Larry Maccherone

DevSecOps according to Steve Springett

DevSecOps according to TeachEra

Learn More
From Your
Peers
21 DevSecOps practitioners from leading enterprises to shared their experiences and best practi...

DevSecOps according to Coveros

DevSecOps according to Aaron Weaver

DevSecOps according to Dr. Ravi Rajamiyer

DevSecOps according to ACROSEC

DevSecOps according to Ranger4

DevSecOps according to AWS
@IanMmmm

DevSecOps according to AWS

DevSecOps according to Accenture

DevSecOps according to Shine Solutions

DevSecOps according to Ellucian

DevSecOps according to WhiteHat Security

DevSecOps according to GSA
https://tech.gsa.gov/guides/building_devsecops_culture/

DevSecOps according to Sense of Security

We would love to add your DevSecOps
reference architecture to this deck.
How?
1. Send it to me (weeks@sonatype.com), with
...

DevSecOps reference architectures 2018

Próximo SlideShare

Próximos SlideShares

2019 DevSecOps Reference Architectures

2019 DevSecOps Reference Architectures

Carregando em…3

×

Confira estes a seguir

DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource

DevOps Indonesia

DevOps or DevSecOps

Michelangelo van Dam

DevSecOps: What Why and How : Blackhat 2019

NotSoSecure Global Services

DevSecOps Implementation Journey

DevOps Indonesia

The State of DevSecOps

DevOps Indonesia

DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...

DevSecOps reference architectures 2018

01 de Fev de 2018

• •

Baixar para ler offline

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix

DevOps 2018

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix

DevOps 2018

Mais Conteúdo rRelacionado

250 visualizações

DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource

DevOps Indonesia

191 visualizações

412 visualizações

DevOps or DevSecOps

Michelangelo van Dam

971 visualizações

DevSecOps: What Why and How : Blackhat 2019

NotSoSecure Global Services

5.9k visualizações

DevSecOps Implementation Journey

DevOps Indonesia

233 visualizações

The State of DevSecOps

DevOps Indonesia

1.7k visualizações

DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...

133 visualizações

SCS DevSecOps Seminar - State of DevSecOps

Stefan Streichsbier

820 visualizações

Implementing DevSecOps

Amazon Web Services

1.4k visualizações

DevOps Introduction

3.5k visualizações

DevSecOps at Agile 2019

501 visualizações

DevOps to DevSecOps Journey..

Siddharth Joshi

133 visualizações

DevSecOps Basics with Azure Pipelines

470 visualizações

The New Security Playbook: DevSecOps

738 visualizações

MohammadSaif904342

488 visualizações

Securing Systems at Cloud Scale with DevSecOps

Amazon Web Services

6.7k visualizações

ABN AMRO DevSecOps Journey

1.4k visualizações

DevSecOps What Why and How

NotSoSecure Global Services

448 visualizações

Introduction to DevSecOps

Amazon Web Services

7.3k visualizações

250 visualizações

DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource

DevOps Indonesia

191 visualizações

412 visualizações

DevOps or DevSecOps

Michelangelo van Dam

971 visualizações

DevSecOps: What Why and How : Blackhat 2019

NotSoSecure Global Services

5.9k visualizações

DevSecOps Implementation Journey

DevOps Indonesia

233 visualizações

190 visualizações

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Mohammed A. Imran

737 visualizações

Strengthen and Scale Security for a dollar or less

Mohammed A. Imran

479 visualizações

4 approaches to integrate dev secops in development cycle

52 visualizações

Pentest is yesterday, DevSecOps is tomorrow

Amien Harisen Rosyandino

589 visualizações

DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership

41 visualizações

Scale security for a dollar or less

Mohammed A. Imran

673 visualizações

The DevSecOps Builder’s Guide to the CI/CD Pipeline

606 visualizações

DevSecOps: The DoD Software Factory

3.8k visualizações

The Emergent Cloud Security Toolchain for CI/CD

327 visualizações

Enterprise Devsecops

6 visualizações

DevSecOps The Evolution of DevOps

1.1k visualizações

Practical appsec lessons learned in the age of agile and DevOps

127 visualizações

The Emergent Cloud Security Toolchain for CI/CD

125.7k visualizações

ICONIQ Analytics: The Modern Developer Technology Stack

Christine Edmonds

953 visualizações

WHAT IS DEVSECOPS AND ITS IMPORTANCE

148 visualizações

DevSecOps | DevOps Sec

1.2k visualizações

Dev secops indonesia-devsecops as a service-Amien Harisen

308 visualizações

Scaling DevSecOps Culture for Enterprise

165 visualizações

How not to fall into the DevSecOps trap

94 visualizações

190 visualizações

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Mohammed A. Imran

737 visualizações

Strengthen and Scale Security for a dollar or less

Mohammed A. Imran

479 visualizações

4 approaches to integrate dev secops in development cycle

52 visualizações

Pentest is yesterday, DevSecOps is tomorrow

Amien Harisen Rosyandino

589 visualizações

DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership

41 visualizações

DevOps Days Columbus - Derek Weeks - 2019

2.1k visualizações

RSAC DevSecOpsDays 2018 - We are all Equifax

4.1k visualizações

30+ Nexus Integrations to Accelerate DevOps

2.3k visualizações

2017 DevSecOps Survey

665 visualizações

Starting and Scaling DevOps In the Enterprise

1k visualizações

DevOps Friendly Doc Publishing for APIs & Microservices

645 visualizações

The Unrealized Role of Monitoring & Alerting w/ Jason Hand

844 visualizações

DevOps and All the Continuouses w/ Helen Beal

590 visualizações

Serverless and the Way Forward

325 visualizações

A Small Association's Journey to DevOps w/ Edward Ruiz

908 visualizações

What's My Security Policy Doing to My Help Desk w/ Chris Swan

368 visualizações

Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors

440 visualizações

Static Analysis For Security and DevOps Happiness w/ Justin Collins

384 visualizações

Automated Infrastructure Security: Monitoring using FOSS

1.2k visualizações

System Hardening Using Ansible

4.2k visualizações

There is No Server: Immutable Infrastructure and Serverless Architecture

1.1k visualizações

Getting out of the Job Jungle with Jenkins

543 visualizações

Modern Infrastructure Automation

1.9k visualizações

Continuous Everyone: Engaging People Across the Continuous Pipeline

154 visualizações

The Road to Continuous Deployment

210 visualizações

DevOps Days Columbus - Derek Weeks - 2019

2.1k visualizações

RSAC DevSecOpsDays 2018 - We are all Equifax

4.1k visualizações

30+ Nexus Integrations to Accelerate DevOps

2.3k visualizações

2017 DevSecOps Survey

665 visualizações

Starting and Scaling DevOps In the Enterprise

1k visualizações

DevOps Friendly Doc Publishing for APIs & Microservices

645 visualizações

0 visualizações

Manage Microservices Chaos and Complexity with Observability

10 visualizações

21121F0097.pptx

0 visualizações

Design principles to modularise a monolith codebase.pptx

Prashant Kalkar

0 visualizações

How to Remove Bloatware on Windows 11.docx

0 visualizações

DHIRAJSARIKAJAIN

0 visualizações

Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023

15 visualizações

WEB DESIGN PRACTICLE bca

0 visualizações

2023comp90024_linux.pdf

3 visualizações

cscript_controller.pdf

0 visualizações

Tackling Deep Software Variability Together

0 visualizações

OpenChain Webinar #50 - An Overview of SPDX 3.0

0 visualizações

Centralise legacy auth at the ingress gateway

Andrew Kirkpatrick

0 visualizações

Making Decisions - From Software Architecture Theory to Practice

0 visualizações

GwayERP-Brochure -.PDF

0 visualizações

Cursory Technologies

Cursory Technologies

0 visualizações

SignalR or gRPC: Choosing the Right Technology for Real-Time Communication in...

TienNguyen799757

0 visualizações

Serial(ize) killers, czyli jak popsuliśmy API

0 visualizações

“State of the Tooling” in Open Source Automation

0 visualizações

Organization and challenges (with best practices) behind a successful open-so...

Francesco Corti

3 visualizações

0 visualizações

Manage Microservices Chaos and Complexity with Observability

10 visualizações

21121F0097.pptx

0 visualizações

Design principles to modularise a monolith codebase.pptx

Prashant Kalkar

0 visualizações

How to Remove Bloatware on Windows 11.docx

0 visualizações

DHIRAJSARIKAJAIN

0 visualizações

DevSecOps reference architectures 2018

1. DevSecOps Reference Architectures Derek E. Weeks VP and DevOps Advocate Sonatype 2018
2. About this collection 1. The reference architectures can be used to validate choices you have made or are planning to make. 2. They are curated from the community. You will notice a number of common elements that are used repeatedly. 3. Each image has a link to its original source in the speaker notes, enabling you to deep dive for more knowledge. If you would like to have your reference architecture added to this deck, please send it to weeks@sonatype.com.
3. Integration Points and Degree of Automation DevSecOpsTooling Design Development (IDE) Repository Manager CI/CD Post-Deployment Open source governance Open source software analysis n/a Static Application Security Testing (SAST) n/a Dynamic Application Security Testing (DAST) n/a n/a n/a Interactive Application Security Testing (IAST) n/a n/a n/a Mobile Application Security Testing (MAST) n/a n/a Run-time Application Self Protection (RASP) n/a n/a n/a Container and Infrastructure Security n/a Source: Gartner, December 2017, Structuring Application Security Practices and Tools to Support DevOps and DevSecOps Degrees of DevSecOp s Automatio n
4. Common Elements of a DevSecOps Pipeline
5. DevSecOps according to U.S. Dept of Defense/JIDO
6. DevSecOps according to Magno Rodrigues
7. DevSecOps according to Carnegie Mellon’s SEI
8. DevSecOps according to Jim Bird
9. DevSecOps according to Larry Maccherone
10. DevSecOps according to Steve Springett
11. DevSecOps according to TeachEra
12. Learn More From Your Peers 21 DevSecOps practitioners from leading enterprises to shared their experiences and best practices. All 21 recordings are available for free at www.alldaydevops.com.
13. DevSecOps according to Coveros
14. DevSecOps according to Aaron Weaver
15. DevSecOps according to Dr. Ravi Rajamiyer
16. DevSecOps according to ACROSEC
17. DevSecOps according to Ranger4
18. DevSecOps according to AWS @IanMmmm
19. DevSecOps according to AWS
20. DevSecOps according to Accenture
21. DevSecOps according to Shine Solutions
22. DevSecOps according to Ellucian
23. DevSecOps according to WhiteHat Security
24. DevSecOps according to GSA https://tech.gsa.gov/guides/building_devsecops_culture/
25. DevSecOps according to Sense of Security
26. We would love to add your DevSecOps reference architecture to this deck. How? 1. Send it to me (weeks@sonatype.com), with the subject line: DevSecOps reference architecture. 2. Provide me link as to where people can find more information about the architecture (e.g., your blog, a video, a SlideShare deck). 3. I’ll add it to this deck with full attribution to you, and let you know that it’s been updated. It’s that easy. We all learn with help from the community. Thank you for your contributions!

Notas do Editor

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix

DevOps 2018
DevOps 2018
DevOps 2018
DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix

DevOps 2018
https://www.youtube.com/watch?v=LNL5J6gIkv0

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix

DevOps 2018
https://www.slideshare.net/StefanStreichsbier/devsecops-the-big-picture-66944652?qid=c3898139-ccc1-414e-8924-210428f93ba6&v=&b=&from_search=25

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://dzone.com/articles/from-water-scrum-fall-to-devsecops

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
http://www.oreilly.com/webops-perf/free/devopssec.csp

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://twitter.com/LMaccherone/status/843644744538427392

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://github.com/stevespringett/dependency-track

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://www.slideshare.net/secfigo/practical-devsecops-course-part-1-82334619?qid=c3898139-ccc1-414e-8924-210428f93ba6&v=&b=&from_search=7

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://www.coveros.com/implementing-devsecops-process/

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://www.slideshare.net/StefanStreichsbier/devsecops-the-big-picture-66944652?qid=c3898139-ccc1-414e-8924-210428f93ba6&v=&b=&from_search=25

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
http://devops.sys-con.com/node/4151782

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://www.acrosec.jp/qwertz/wp-content/uploads/2018/01/A1_Acrosec_Application_Security_Shift_Left_Security-by-Design_DevSecOps_V1.2.19_english.pdf

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://www.slideshare.net/DevOpstastic/devsecops-is-it-a-good-thing

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://www.slideshare.net/AmazonWebServices/securing-systems-at-cloud-scale-with-devsecops

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://www.slideshare.net/cisoplatform7/devsecops-in-baby-steps-59371055

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://www.youtube.com/watch?v=Vkn4oIIjyDs

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://shinesolutions.com/2016/05/13/the-emergence-of-the-3-towers-devsecops/

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://www.slideshare.net/secfigo/practical-devsecops-course-part-1-82334619?qid=c3898139-ccc1-414e-8924-210428f93ba6&v=&b=&from_search=7

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://www.slideshare.net/DevOpsWebinars/take-control-design-a-complete-devsecops-program-82918313?from_action=save

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://tech.gsa.gov/guides/building_devsecops_culture/

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
https://www.youtube.com/watch?v=YVa8Bn9CRK8

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix

DevOps 2018
DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix