Security starts at the software development stage

Do you have an agile software project that you would like to implement efficiently, cost-effectively and yet securely? By incorporating security from the start and all the way through to going live, you avoid costly after-the-fact fixes to vulnerabilities and keep sensitive data from being put at risk. DevSecOps ensures smooth interaction between the areas of software development (Dev), security (Sec) and operations (Ops). We ensure that security is integrated optimally and as automatically as possible into your development and operational process - culturally, conceptually and technically.

Our Services

Structure of DevSecOps

We guide you in defining and building DevSecOps in your organisation:

  • Analysis of the current situation and your requirements
  • Definition of the security requirements to be achieved through DevSecOps
  • Definition of responsibilities / roles and processes including any additional cultural aspects
  • Prioritisation of DevSecOps pipeline elements
  • Construction/integration of the DevSecOps pipeline elements (engineering)
  • Validation of the DevSecOps pipeline elements

DevSecOps Review

We analyse and assess your DevSecOps maturity level.

  • Analysis of the current situation and your requirements
  • Audit of existing security requirements
  • Review of the existing definition of responsibilities / roles
  • DevSecOps concept review
  • Review of feedback loops
  • Analysis of the security quality gates
  • Validation of the (existing and new) DevOps pipeline elements

We will be pleased to check the general security maturity level of your software development (secure software development life cycle) in an OWASP SAMM assessment.

Security enhancement for your CI/CD pipeline

Would you like to add further security elements to your pipeline? We support you in this process and the direct implementation:

  • Analysis of the existing CI/CD pipeline and your security requirements
  • Evaluation of suitable additional security tools (e.g. SCA, SAST, DAST) for your pipeline
  • Development / integration of additional DevSecOps pipeline elements (engineering)
  • Validation of the (existing and new) DevSecOps pipeline elements

DevSecOps & agile security coaching

The DevSecOps approach is suitable for making software development agile, automated, and secure - for optimal interaction between software development (Dev), security (Sec), and system administration (Ops).

Security elements are directly integrated into the processes and tools of software development and IT operations, ensuring that information and IT security departments are always "in the loop" and can enforce existing requirements without impeding the work of software developers and system administrators.

We support you with consulting and conceptual definitions as well as individual coaching to accompany the introduction of DevSecOps or general agile security practices. This ensures that DevSecOps is successfully introduced in your organisation and all areas involved are more efficient and transparent in the long term.

DevSecOps Pipeline & Security Elements

The process steps illustrated above build on each other and are run through again each time a change is made, e.g. to a software component. To avoid slowing down this agile process unnecessarily while still guaranteeing security, appropriate security elements and checks must be integrated into the individual process steps.

Tools we support

Thanks to our many years of experience in a wide range of customer projects, we can support you in the context of the following (and similar) tools in particular.


  • Ansible
  • Argo CD
  • cert-manager
  • Cilium
  • Cloud Foundry
  • containerd
  • Dependabot
  • Docker
  • ELK Stack
  • Falco
  • Bitbucket
  • Git (Hook)
  • GitHub Actions
  • GitHub
  • GitLab
  • Grafana
  • Harbor
  • Helm
  • Istio
  • Jenkins
  • JFrog (Xray)
  • Keycloak
  • kube-bench
  • Kubernetes
  • Open Policy Agent
  • OWASP ZAP
  • Prometheus
  • Rancher
  • Red Hat OpenShift
  • Semgrep
  • SonarQube
  • Spinnaker
  • Splunk
  • Starboard
  • Trivy
  • HashiCorp Vault
  • VMware Tanzu

Your advantages with us as a DevSecOps partner

  • Efficient introduction, further development or evaluation of your DevSecOps tool kit and associated processes
  • Neutral assessment of the suitability of tools
  • Support from specialists with years of experience in different industries and projects
  • Comprehensive (cultural, conceptual and technical) integration of security into your pipeline and software development as a whole

Contact us to implement your agile software project efficiently, cost-effectively and securely.