DevSecOps application lifecycle management

The DevSecOps deployable architecture creates a set of DevOps Toolchains and pipelines. DevSecOps uses Continuous Delivery (Git Repos and Issue Tracking, Tekton Pipelines, DevOps Insights, and Code Risk Analyzer), Secrets Manager, Key Protect, Cloud Object Storage, Container Registry and Vulnerability Advisor.

Out of the box, DevSecOps also leverages popular scanning tools such as SonarQube, GoSec, OWASP ZAP (dynamic scan), any unit test framework, and GPG signing. It can also be used with additional tools such as external Git providers and artifact stores. DevSecOps supports hybrid deployments, in particular by using private pipeline workers, and can be interfaced with other deployment tools such as Satellite Config.

For more details on DevSecOps with Continuous Delivery, see the topic DevSecOps with Continuous Delivery.

Architecture diagram

Figure 1. Architecture diagram for a set of DevSecOps CI/CD/CC toolchains using the Continuous Delivery service on IBM Cloud

Design requirements

Figure 2. Scope of the design requirements for the DevSecOps Application Lifecycle Management deployable architecture

Components

The following components are included to support the requirements. Alternatives are listed where they are available and work with this architecture; no alternative is listed for the components in Table 1.

Table 1. Components

| Requirement | Component | Reasons for choice | Alternative choice |
| --- | --- | --- | --- |
| Continuous Integration Toolchain | Toolchain Service | The continuous integration toolchain and pipelines test, scan, and build the deployable artifacts from the application repositories. | None listed |
| Continuous Deployment Toolchain | Toolchain Service | The continuous deployment toolchain and pipeline generate all of the evidence and change request summary content. The pipeline deploys the build artifacts to an environment, such as staging or production, and then collects, creates, and uploads all existing log files, evidence, and artifacts to the evidence locker. | None listed |
| Continuous Compliance Toolchain | Toolchain Service | The continuous compliance toolchain and pipeline periodically scan the deployed artifacts and their source repositories. | None listed |

Next steps

Install the DevSecOps application lifecycle management deployable architecture on this infrastructure. More information here.