
20 DevSecOps Reference Architectures to Help


Check out this collection of 20 DevSecOps reference architectures and share your own model with the creator, Derek Weeks of Sonatype, to continue building on this list.


Sixty-five percent of people are visual learners. I'm one of them.

Over the past several months, I assembled 20 DevSecOps reference architectures from different organizations around the world. I have studied their patterns, similarities, and unique structures. They helped me to understand what I knew, and more importantly, didn't yet know about DevSecOps.

Image: DevSecOps according to the U.S. Department of Defense

In DevSecOps, pictures can be used to describe how work moves across the organization, where it starts, where it stops, where it intersects with other work, where it's efficient and where it's not. Reference architectures can help us visualize both work and relationships.

Image: DevSecOps according to Larry Maccherone

We All Want to Improve DevSecOps Practices

Another thing about reference architectures is that they can change. When the picture doesn't work the way we want it to, we have an opportunity to modify it, to make the work more efficient, to streamline it, and to remove waste or inefficiencies from the picture or from the organization.

A picture also describes how we work or how we want to work with our colleagues. Reference architectures can help us visualize connections that need to be made and how we want the organization to support the way that we work. The reference architectures can also help us describe what's human-centric and what's automated.

Image: DevSecOps according to Acrosec

DevSecOps Patterns From Others Emerge

A few years ago, I assembled a large set of DevOps reference architectures. These pictures helped people better assess what they might want to start building or compare what they had already built against other work across the DevOps community. Those original reference architectures have now been viewed over 120,000 times on SlideShare.

I remember studying the pictures in that collection to identify when patterns had emerged. Others realized they could use them to validate choices they were making. They could ask themselves, "Is this organization doing something like mine?" or "Am I doing the right thing?"

Image: DevSecOps according to Dr. Ravi Rajamiyer


Today, I'm sharing this collection of DevSecOps reference architectures to help more people on their organizational or personal journey. Similar to the last time I created such a collection, I will ask this community of readers to submit their own reference architectures to me, so that I can include them in the set. I am sure there are more out there, and the more we can all share them, the more we can learn from one another.

You can find the reference architectures here. If you have one to share, please send it to me here (mailto: weeksatsonatype.com) and I'll update the set with full attribution to you.

DevSecOps Deeper Dives

The picture does not always tell the full story. Therefore, each of these reference architectures comes with a link or URL that shows you where to find more detail in the blogs, conference presentations, or slide decks from which the images originated. By referencing those sources, I hope you will be able to learn more about what that organization was trying to achieve.

Please share these reference architectures with others so that we can all learn from the knowledge across our community. And, once again, if you have a picture to share, please send it along (mailto: weeksatsonatype.com).


Published at DZone with permission of
