Guide to Implementing DevSecOps for a System of Systems in Highly Regulated Environments

摘要: DevSecOps (DSO) is an approach that integrates development (Dev), security (Sec), and delivery/operations (Ops) of software systems to reduce the time from need capability provide continuous integration delivery (CI/CD) with high quality. The rapid acceptance demonstrated effectiveness DSO in system have led proposals for its adoption more complex projects. This document provides guidance projects interested implementing defense or other highly regulated environments, including those involving systems.The report rationale adopting dimensions change required adoption. It introduces DSO, principles, operations, expected benefits. describes objectives activities needed implement ecosystem, preparation, establishment, management. Preparation necessary create achievable goals expectations establish feasible increments building ecosystem. Establishing ecosystem includes evolving culture, automation, processes, architecture their initial state toward capability. Managing measuring monitoring both health performance organization. Additional information on conceptual foundations also provided.