Security starts at the software development stage

Do you have an agile software project that you would like to implement efficiently, cost-effectively and yet securely? By incorporating security from the start and all the way through to going live, you prevent costly after-the-fact fixes to vulnerabilities and the exposure of sensitive data. DevSecOps ensures smooth interaction between the areas of software development (Dev), security (Sec) and operations (Ops). We ensure that security is integrated optimally and as automatically as possible into your development and operational process - culturally, conceptually and technically. In addition, we support you in all matters relating to container security and Kubernetes security.

Our Services

  • Structure of DevSecOps

    We guide you in defining and building DevSecOps in your organisation:

    • Analysis of the current situation and your requirements
    • Definition of the security requirements to be achieved through DevSecOps
    • Definition of responsibilities / roles and processes including any additional cultural aspects
    • Prioritisation of DevSecOps pipeline elements
    • Construction/integration of the DevSecOps pipeline elements (engineering)
    • Validation of the DevSecOps pipeline elements
  • DevSecOps Review

    We analyse and assess your DevSecOps maturity level.

    • Analysis of the current situation and your requirements
    • Audit of existing security requirements
    • Review of the existing definition of responsibilities / roles
    • DevSecOps concept review
    • Review of feedback loops
    • Analysis of the security quality gates
    • Validation of the (existing and new) DevOps pipeline elements

    We will be pleased to check the general security maturity level of your software development (secure software development life cycle) in an OWASP SAMM assessment.

  • Security enhancement for your CI/CD pipeline

    Would you like to add further security elements to your pipeline? We support you in this process and the direct implementation:

    • Analysis of the existing CI/CD pipeline and your security requirements
    • Evaluation of suitable additional security tools (e.g. SCA, SAST, DAST) for your pipeline
    • Development / integration of additional DevSecOps pipeline elements (engineering)
    • Validation of the (existing and new) DevSecOps pipeline elements
  • OWASP SAMM assessment

    To make the security maturity of your software development measurable, our assessment is based on the software assurance maturity model (SAMM) from the OWASP Foundation. SAMM supports the entire software life cycle and is technology-agnostic and process-agnostic. Our assessment enables you to identify existing deficits in your secure software development life cycle (SSDLC) and improve it in a targeted way through specific recommendations for measures and an implementation plan.

DevSecOps Pipeline & Security Elements

The process steps of the DevSecOps pipeline illustrated above build on each other and are run through again each time a change is made, e.g. to a software component. To avoid slowing down this agile process unnecessarily while still guaranteeing security, appropriate security elements and checks must be integrated into the individual process steps.

Tools we support

Thanks to our many years of experience in a wide range of customer projects, we can support you in the context of the following (and similar) tools in particular.

  • Ansible
  • Argo CD
  • cert-manager
  • Cilium
  • Cloud Foundry
  • containerd
  • Dependabot
  • Docker
  • ELK Stack
  • Falco
  • Bitbucket
  • Git (Hook)
  • GitHub Actions
  • GitHub
  • GitLab
  • Grafana
  • Harbor
  • Helm
  • Istio
  • Jenkins
  • JFrog (Xray)
  • Keycloak
  • kube-bench
  • Kubernetes
  • Open Policy Agent
  • OWASP ZAP
  • Prometheus
  • Rancher
  • Red Hat OpenShift
  • Semgrep
  • SonarQube
  • Spinnaker
  • Splunk
  • Starboard
  • Trivy
  • HashiCorp Vault
  • VMware Tanzu


Your advantages with us as a DevSecOps partner

  • Efficient introduction, further development or evaluation of your DevSecOps toolkit and associated processes
  • Neutral assessment of the suitability of tools
  • Support from specialists with years of experience in different industries and projects
  • Comprehensive (cultural, conceptual and technical) integration of security into your pipeline and software development as a whole

Contact us to implement your agile software project efficiently, cost-effectively and securely.