DevSecOps Application Lifecycle Management

DevSecOps provides a set of predefined continuous integration, continuous deployment and continuous compliance toolchain templates.

IBM
Date of last update: 09/25/2025
Docs
Get help
Readme file
Details
Type
Terraform
Provider
IBM
Category
Converged infrastructure
Enterprise applications
Last updated
09/25/2025
Product version
2.8.12
Variation
Deploy to Kubernetes
Est. deployment time:
5min
Programmatic name
Product ID
Version locator
Catalog ID
Content source URL
Owning account ID

Details

Type

Terraform

Provider

Last updated

09/25/2025

Product version

2.8.12

Variation

Deploy to Kubernetes

Est. deployment time:

5min

Programmatic name

Product ID

Version locator

Catalog ID

Content source URL

Owning account ID

Overview

This deployable architecture provides tools to securely deploy application code using DevSecOps pipelines. Out of the box, these pipelines use popular scanning tools such as SonarQube, Gosec, OWASP Zap (dynamic scan), any unit test framework, and GPG for image signing. Please refer to the Deployment guide to understand the requirements beforehand.

Features and capabilities

DevSecOps

A complete end to end GitOps based reference architecture for managing the security posture of your application.

Select a variation

Deploy to Kubernetes

Variation version

Starts at

$0.00

Monthly

Est. deployment time: 5min

Application

Deploy a sample application to Kubernetes using DevSecOps best practices.

Deploy to Code Engine

Variation version

Starts at

$0.00

Monthly

Est. deployment time: 6min

Application

Deploy a sample application to Code Engine using DevSecOps best practices.

*Starting cost is an estimate based on available data as of September 11th, 2025. It does not include all resources, usage, licenses, fees, discounts, or taxes.

DevSecOps Toolchains

The DevSecOps Application Lifecycle Management deployable architecture consists of three Continuous Delivery Toolchains, one each for development (Continuous Integration), production deployment (Continuous Deployment), and ongoing compliance validation for the deployed app (Continuous Compliance). Together they enable secure and compliant application delivery on IBM Cloud.

The IBM Cloud Security and Compliance Center manages compliance profiles that indicate when a product meets defined requirements. Each profile can contain multiple controls. Only controls that are claimed and scanned are displayed in the table. DevSecOps Application Lifecycle Management claims the following security and compliance information.

IBM Cloud Framework for Financial Services profile

Profile version 1.6.0

Partial scan

	Category	Description
	CM	Configuration Management

	RA	Risk Assessment

	SA	System and Services Acquisition

	SI	System and Information Integrity

Site	https://github.com/terraform-ibm-modules/terraform-ibm-devsecops
other	https://github.com/terraform-ibm-modules/terraform-ibm-devsecops/issues Support availability 24 hours / 7 days a week Estimated Response Time 72 hours
Support locations	Support locations refer to all of the countries in which product support teams are located. Ireland

Contact	You must wait 1 hour after you contact this product's support before you can begin the escalation process. Escalation Contact Estimated Response Time 1 hour

Summary