Welcome to Scribd!

Skip carousel

DevSecOps Reference Architecture

Uploaded by

Victor

0% found this document useful (0 votes)

12 views1 page

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

12 views1 page

DevSecOps Reference Architecture

Uploaded by

Victor

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 1

Search inside document

Level 5 DevSecOps Reference Architecture

Last Modiﬁed: January 16, 2020

Last Modiﬁed By: DJ Schleen

Legend
Threat Detected
Neutralize
Security

Product Architect
Manual Developer

SRE
Automated

Executives Internal Threat

Business Actor

Green Deploy Environment

Supply Chain

Secret Store Secret Store Secret

Secret Management Injection Secret Secret Secret
Injection Injection Injection

Observation
Deployment
Iterate
Notiﬁcations Development IntegrationContent Trust Delivery AppStore / Play
Out of Band Production

Continuous Education Production

Commit TestFlight
Database (DaC) OSSM SCA MTD
DAST Play Beta Threat
Binary Mobile Testing Actor
Scramble
Iterate
Work Item Backlog OSSM
Build SBoM Sign Production DAST
Tracking Commit Production
Message Test Case OSSM SCA PR Package Sign Deploy (Live)
Coding (Live)
--------- Line indicates Blue/Green Lifecycle

Alert Idea Work Item Threat Design Architecture OSSM Sign SAST Integration Sign CVA Sign Customers
Commit Sign Repository
DAST Sign Policy Sign
Promotion Production Chaos
Model Infrastructure OSSM SCA Test Automated Check
as Code Experiments
(Iac) Tests Signatures
Trigger

repository
OSSM SAST Conﬁguration Dark/Canary Business
Open Source Commit Out of Band Database "Staging"
Application OSSM SCA Injection Deployment Acceptance

lifecycle
Repository Migration Testing
Green
(Live)
Deployment Data Stakeholder
Flow Interest
Based on
Third Party OSSM Speed
(Vendors)
Secret Flow Customer / Business
Visible Deployment Customers

Docker OSSM
Registry

lifecycle
ﬁrewall

Ethical Hacking Continued Ethical

Hacking and Penetration
Testing

Red, Blue, and

Purple Teams

Continuous
Observation

Threat Detected
Automated Notiﬁcations Data Science Bring the Chaos

Data Check
Third Party Security Compliance Governance Science Sign
Risk
Security
Data Security Investigation Operations
Aggregation Models and Forensics Center
(SOC)
Continuous
Education

Stage Duration Stage Lag

DRAG

Stage Detail

Devopssec
Document86 pages
Devopssec
Bruno Duarte
100% (1)
Security Architecture
Document6 pages
Security Architecture
studydatadownload
No ratings yet
The AppSec Framework v1.0
Document1 page
The AppSec Framework v1.0
Gritche
100% (3)
The Devsecops Security Checklist: 2Nd Edition
Document28 pages
The Devsecops Security Checklist: 2Nd Edition
jhon due
0% (1)
DevSecOps Presentation
Document20 pages
DevSecOps Presentation
cheenu
100% (4)
SOC, SecOps and SIEM - How They Work Together
Document19 pages
SOC, SecOps and SIEM - How They Work Together
Samir Pathak
100% (1)
Threat Modeling Checklist and Requirement
Document17 pages
Threat Modeling Checklist and Requirement
das
100% (4)
Threat Protection (Windows 10) PDF
Document3,653 pages
Threat Protection (Windows 10) PDF
Sơn Lê Ngọc
No ratings yet
Elasticsearch Sizing and Capacity Planning
Document49 pages
Elasticsearch Sizing and Capacity Planning
Bean & Shin
No ratings yet
DevSecOps A Complete Guide - 2019 Edition
From Everand
DevSecOps A Complete Guide - 2019 Edition
Gerardus Blokdyk
No ratings yet
DevOps Fundamentals 20171206
Document28 pages
DevOps Fundamentals 20171206
Ricardo Ortizu
100% (2)
AWS Cloud Practitioner Essentials (CLF-C01)
Document55 pages
AWS Cloud Practitioner Essentials (CLF-C01)
Victor
0% (1)
DevSecOps Reference Architectures 2018
Document28 pages
DevSecOps Reference Architectures 2018
buffe
100% (1)
Strengthen and Scale Security Using Devsecops: Owasp Indonesia Meetup
Document44 pages
Strengthen and Scale Security Using Devsecops: Owasp Indonesia Meetup
Cyril Mbede
No ratings yet
DevSecOps - Whitepaper
Document20 pages
DevSecOps - Whitepaper
Tanat Tonguthaisri
100% (1)
Devsecops: A Guide For Buyers
Document7 pages
Devsecops: A Guide For Buyers
phanick
No ratings yet
Devsecops Best Practices
Document6 pages
Devsecops Best Practices
Jean Pierre
100% (1)
A Guide To Impliment DevSecOps
Document21 pages
A Guide To Impliment DevSecOps
Muhammad Yasin
No ratings yet
0418 RSA DevSecOps DevOps Final
Document36 pages
0418 RSA DevSecOps DevOps Final
Edo Krajinic
100% (1)
DevSecOps A Leaders Guide To Producing Secure Software Witho
Document181 pages
DevSecOps A Leaders Guide To Producing Secure Software Witho
Digambar S Tatkare
100% (1)
Introduction To Threat Modeling
Document77 pages
Introduction To Threat Modeling
ArjunKr
No ratings yet
DevSecOps What, Why and How
Document25 pages
DevSecOps What, Why and How
Andy Tanoko
100% (1)
Application Security Cloud
Document31 pages
Application Security Cloud
M S Prasad
100% (1)
Mitre Att&Ck As A Framework For Cloud Threat Investigation: Center For Long-Term Cybersecurity
Document27 pages
Mitre Att&Ck As A Framework For Cloud Threat Investigation: Center For Long-Term Cybersecurity
ivan004
No ratings yet
StealthwatchSolutionOverview TechTalk Security
Document107 pages
StealthwatchSolutionOverview TechTalk Security
Hasitha Siriwardhana
No ratings yet
Threat Modeling With STRIDE
Document94 pages
Threat Modeling With STRIDE
Ravi
No ratings yet
(Exam Outline) : April 2013
Document42 pages
(Exam Outline) : April 2013
Coffee Gee
100% (1)
Secdevops
Document196 pages
Secdevops
Daniel Valero
No ratings yet
Devsecops - Pillar 4: Bridging Compliance and Development
Document36 pages
Devsecops - Pillar 4: Bridging Compliance and Development
DizzyDude
No ratings yet
DevSecOps Complete Self-Assessment Guide
From Everand
DevSecOps Complete Self-Assessment Guide
Gerardus Blokdyk
No ratings yet
Tci Reference Architecture Quick Guide
Document24 pages
Tci Reference Architecture Quick Guide
kiranpj
No ratings yet
SIEM Pro Cons
Document58 pages
SIEM Pro Cons
sagar gautam
0% (1)
DevSecOps in Kubernetes
Document77 pages
DevSecOps in Kubernetes
marc Macaaro
No ratings yet
Threat Modelling
Document48 pages
Threat Modelling
Vaijayanthi
No ratings yet
CCSKStudy Guide 1
Document35 pages
CCSKStudy Guide 1
deals4kb
No ratings yet
Aqua Security Ebook Container Security-10 Things DevOps Need To Do
Document12 pages
Aqua Security Ebook Container Security-10 Things DevOps Need To Do
Julio Cesar Juan Luis
No ratings yet
Fundamentals of Application Security
Document57 pages
Fundamentals of Application Security
Marius Ungureanu
No ratings yet
API Security by Joe
Document23 pages
API Security by Joe
pinoatmeh
No ratings yet
Dev Sec Ops
Document181 pages
Dev Sec Ops
Khải Ngô Quang
100% (2)
Advanced Container Security - Jason Umiker - 28jun - Final
Document68 pages
Advanced Container Security - Jason Umiker - 28jun - Final
Kumar Gollapudi
No ratings yet
Design Azure Security
Document885 pages
Design Azure Security
Ravinder Singh
100% (1)
Secdevops: Description and Primer
Document37 pages
Secdevops: Description and Primer
Peter Lamar
No ratings yet
Continuous Kubernetes Security PDF
Document113 pages
Continuous Kubernetes Security PDF
tanmay
No ratings yet
Hybrid Cloud Security Patterns
Document252 pages
Hybrid Cloud Security Patterns
Arthur Sery
No ratings yet
DoD Enterprise DevSecOps Reference Design V1.0
Document89 pages
DoD Enterprise DevSecOps Reference Design V1.0
AlphaBravo
No ratings yet
How To Integrate Security Into Devops
Document15 pages
How To Integrate Security Into Devops
je
No ratings yet
Dev Sec Ops
Document86 pages
Dev Sec Ops
Anderson Lima
No ratings yet
AWS Cloud Security Guidelines
Document11 pages
AWS Cloud Security Guidelines
Narasimha Rao Akundi
No ratings yet
CCSK Study Guide
Document37 pages
CCSK Study Guide
deals4kb
No ratings yet
Hands On Investigation and Threat Hunting Workshop
Document62 pages
Hands On Investigation and Threat Hunting Workshop
Dala Cahyoga
100% (1)
Microsoft Cybersecurity Reference Architectures (MCRA)
Document47 pages
Microsoft Cybersecurity Reference Architectures (MCRA)
Martin Ojeda Knapp
No ratings yet
Azure Network Security
Document29 pages
Azure Network Security
shikhaxohebkhan
100% (2)
Cisco and The NIST Cybersecurity Framework Effective Cybersecurity Risk Management
Document19 pages
Cisco and The NIST Cybersecurity Framework Effective Cybersecurity Risk Management
rishabh sharma
No ratings yet
CISSP Official (ISC) 2 Course Flash Cards 2015
Document572 pages
CISSP Official (ISC) 2 Course Flash Cards 2015
Norm C
No ratings yet
API Gateway Security
Document1 page
API Gateway Security
abhi4wit
0% (1)
SAFECode Dev Practices1108
Document22 pages
SAFECode Dev Practices1108
Sakthi T Vel
No ratings yet
Microservices and Container Security Feature Comparison Vendor Scorecard
Document7 pages
Microservices and Container Security Feature Comparison Vendor Scorecard
Cognitive Unity
No ratings yet
CISSP Session 05
Document74 pages
CISSP Session 05
wfelicesc
No ratings yet
Aws Security by Design 180510183800
Document61 pages
Aws Security by Design 180510183800
coolwere
No ratings yet
Security Architecture
Document9 pages
Security Architecture
Venkatesh Prasad
No ratings yet
Azure Security The Ultimate Step-By-Step Guide
From Everand
Azure Security The Ultimate Step-By-Step Guide
Gerardus Blokdyk
No ratings yet
AWS Security Hub
Document2 pages
AWS Security Hub
Victor
No ratings yet
DevOps & DevSecOps - Overview
Document10 pages
DevOps & DevSecOps - Overview
Victor
No ratings yet
Azure Fundamentals (AZ-900)
Document56 pages
Azure Fundamentals (AZ-900)
Victor
No ratings yet
Sast & Dast: How Does SAST Work?
Document2 pages
Sast & Dast: How Does SAST Work?
Victor
No ratings yet