DevSecOps application lifecycle management
The DevSecOps deployable architecture creates a set of DevOps Toolchains and pipelines. DevSecOps uses Continuous Delivery (Git Repos and Issue Tracking, Tekton Pipelines, DevOps Insights, and Code Risk Analyzer), Secrets Manager, Key Protect, Cloud Object Storage, Container Registry and Vulnerability Advisor.
Out of the box, DevSecOps also leverages popular scanning tools such as SonarQube, GoSec, OWASP Zap (dynamic scan), any unit test framework, and GPG signing. It can also be used with more tools such as external Git providers and artifact stores. DevSecOps supports hybrid deployments, in particular by using private pipeline workers, and can be interfaced with other deployment tools such as Satellite Config.
For more details on DevSecOps with Continuous Delivery, see the topic DevSecOps with Continuous Delivery.
Architecture diagram
Design requirements
Components
The following components are included that support the requirements. Alternatives are included where they are available and work with this architecture.
Requirement | Component | Reasons for choice | Alternative choice |
---|---|---|---|
Continuous Integration Toolchain | Toolchain Service | The continuous integration toolchain and pipelines tests, scans and builds the deployable artifacts from the application repositories. | |
Continuous Deployment Toolchain | Toolchain Service | The continuous deployment toolchain and pipeline generates all of the evidence and change request summary content. The pipeline deploys the build artifacts to an environment, such as staging or production, and then collects, creates, and uploads all existing log files, evidence, and artifacts to the evidence locker. | |
Continuous Compliance Toolchain | Toolchain Service | The continuous compliance toolchain and pipeline periodically scans the deployed artifacts and their source repositories. | |
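To make the division of labour between the three pipelines concrete, the following added example (not code from the DevSecOps deployable architecture or its toolchains) models the evidence flow in plain Python: the CI stage records evidence against an artifact digest, the CD stage gates deployment on that evidence, and the CC stage appends fresh scan evidence that can revoke an earlier pass. The evidence types in `REQUIRED_EVIDENCE`, the record layout, the tool names and the finding identifier are all assumptions constructed for the example, not the toolchain's real evidence taxonomy or format.

```python
import hashlib
import json
from datetime import datetime, timezone

# Evidence types the deployment gate insists on. This set is an assumption for
# the example, not the DevSecOps toolchain's actual evidence taxonomy.
REQUIRED_EVIDENCE = {"unit-test", "static-scan", "vulnerability-scan"}


def artifact_digest(data: bytes) -> str:
    """Content-address the build artifact so evidence binds to exact bytes."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


class EvidenceLocker:
    """Append-only store of evidence records keyed by artifact digest."""

    def __init__(self):
        self._records = []

    def record(self, digest, evidence_type, status, tool, details=None):
        entry = {
            "artifact": digest,
            "evidence_type": evidence_type,
            "status": status,          # "success" or "failure"
            "tool": tool,
            "details": details or {},
            "recorded_at": datetime.now(timezone.utc).isoformat(),
        }
        self._records.append(entry)
        return entry

    def for_artifact(self, digest):
        return [r for r in self._records if r["artifact"] == digest]

    def export(self):
        """Serialize for upload; JSON keeps the locker contents reviewable."""
        return json.dumps(self._records, indent=2)


def deployment_gate(locker, digest, required=REQUIRED_EVIDENCE):
    """CD-pipeline check: every required evidence type must be present and
    its most recent record must be a success. Returns (allowed, reasons)."""
    latest = {}
    for r in locker.for_artifact(digest):
        latest[r["evidence_type"]] = r       # later records override earlier
    reasons = []
    for etype in sorted(required):
        rec = latest.get(etype)
        if rec is None:
            reasons.append(f"missing evidence: {etype}")
        elif rec["status"] != "success":
            reasons.append(f"{etype} failed ({rec['tool']})")
    return (not reasons, reasons)


def compliance_rescan(locker, digest, findings):
    """CC-pipeline step: re-scan an already deployed artifact and append fresh
    vulnerability-scan evidence; any new finding flips its status to failure."""
    status = "success" if not findings else "failure"
    return locker.record(digest, "vulnerability-scan", status,
                         "periodic-rescan", {"findings": list(findings)})


def demo():
    """Walk through CI -> CD -> CC on a constructed artifact."""
    locker = EvidenceLocker()
    digest = artifact_digest(b"constructed container image bytes")  # constructed
    locker.record(digest, "unit-test", "success", "unit-test-framework")
    locker.record(digest, "static-scan", "success", "sonarqube")
    first = deployment_gate(locker, digest)          # blocked: no vuln scan yet
    locker.record(digest, "vulnerability-scan", "success", "vulnerability-advisor")
    second = deployment_gate(locker, digest)         # allowed
    compliance_rescan(locker, digest, ["PLACEHOLDER-FINDING-1"])  # constructed finding
    third = deployment_gate(locker, digest)          # blocked again
    return first, second, third


if __name__ == "__main__":
    for allowed, reasons in demo():
        print("allowed" if allowed else "blocked", reasons)
```

The design point is that evidence is keyed by the artifact's content digest rather than by a tag or build number, so a rebuilt image with different bytes cannot inherit an earlier pass, and that the gate reads the latest record per evidence type, which is what lets the periodic compliance scan retroactively block further promotion of an artifact that was clean when first deployed.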
Next steps
Install the DevSecOps application lifecycle management deployable architecture on this infrastructure. More information here