DevSecOps Fundamentals Guidebook


The goal of DevSecOps is to improve customer outcomes and mission value through the automation, monitoring, and application of security at every phase of the software lifecycle. Figure 1, "DevSecOps Phases and Continuous Feedback Loops," conveys the software lifecycle phases and the continuous feedback loops between them.

Practicing DevSecOps requires an array of purpose-built tools and a wide range of activities that rely on those tools. This document conveys the relationship between each DevSecOps phase, a taxonomy of supporting tools for a given phase, and the set of activities that occur at each phase cross-referenced to the tool(s) that support the specific activity.

Audience and Scope

The target audience for this document includes:

  • DoD Enterprise DevSecOps platform capability providers
  • DoD DevSecOps teams
  • DoD programs

The Tools and Activities that follow are foundational, but incomplete when considered in isolation. Each DoD Enterprise DevSecOps Reference Architecture additively defines the complete set of Tools and Activities required to achieve a specific DevSecOps implementation.

