What about DevSecOps for big enterprises? A lot of large scale organizations transforms their business processes. First they moved away from Waterfall, moving on to the Agile way of working. One of the most recent implementations is DevSecOps. Security plays an important role in the software development life-cycle. This blog reveals the summary of a DevSecOps journey at a Dutch Bank. Given the facts about the speed of the transition – this bank is not a slow dinosaur. 🙂
Business IT Nerd is involved into the DevSecOps journey of ABN AMRO – a large Dutch national bank. Within their journey they use a lot of DevSecOps best practices and tools. Some of the tools being used are Nexus Repository Manager and Nexus Lifecycle. These tools are offered by Sonatype. Derek Weeks wrote a lengthy blog about it.
The key aspects of DevSecOps journey can be read in the blog of Derek Weeks. This blog includes, but is not limited to the following topics:
- The (technology specific) pipelines which are being used as part of the software development life-cycle.
- Security of Docker container technologies both at build time as well as at run-time.
- CI/CD metrics to visualize security issues across departments and teams
Pipelines are there for every major technology and programming language. Every pipeline has common building blocks which together make up the entire set of stages required for every application to pass. Security plans an important role in it – remember DevSecOps? As ABN AMRO is a bank – security is vital. The ultimate goal is the shift left of security issues before they end up in production.
More to read
Previous words are just the beginning of the journey. Read the full blog to catch the details and get the answers of the DevSecOps journey at a Dutch bank. Maybe this is a good reference for your company.