DevSecOps
DevSecOps is a set of software development practices that combines software development (Dev), security (Sec), and information technology operations (Ops) to secure the outcome and shorten the development lifecycle.
The DOCS Mission is to develop a Continuous Monitoring (CM) approach for all Department of Defense (DoD) mission partners that monitors and provides compliance enforcement of containerized applications which cover all the DevSecOps pillars (Develop, Build, Test, Release & Deploy, and Runtime) for a secure posture with the focus being on automation and integration going forward.
CaC is now available for download below.
Title | Size | Updated | |
---|---|---|---|
NGINX CINC Profile for Anchore | 169.99 KB | 25 Jun 2024 | |
MongoDB CINC Profile for Anchore | 100.93 KB | 25 Jun 2024 | |
JRE 7 CINC Profile for Anchore | 12.45 KB | 25 Jun 2024 | |
JBoss CINC Profile for Anchore | 118.54 KB | 25 Jun 2024 | |
Crunchy Postgres CINC Profile for Anchore | 260.28 KB | 25 Jun 2024 | |
Apache Tomcat CINC Profile for Anchore | 145.1 KB | 25 Jun 2024 | |
Apache Site CINC Profile for Anchore | 171.69 KB | 25 Jun 2024 | |
Apache Server CINC Profile for Anchore | 271.06 KB | 25 Jun 2024 | |
Ubuntu 20 CINC Profile for Anchore | 346.1 KB | 11 Jun 2024 | |
RHEL 8 CINC Profile for Anchore | 293.37 KB | 11 Jun 2024 | |
Postgres 9 CINC Profile for Anchore | 240.29 KB | 11 Jun 2024 | |
unclass-docs_what_is_a_container | 5.16 MB | 11 Sep 2023 | |
DevSecOps Enterprise Container Hardening Guide 1.2 | 967.81 KB | 19 Sep 2022 | |
Department of Defense (DoD) Cloud Native Access Point (CNAP) Reference Design (RD) - V1 R1<br>The purpose of the CNAP RD is to describe and define the set of capabilities, fundamental components, data flows, logical design pattern, and derived reference implementations for deploying, connecting to, and operating a CNAP. The RD guides the development of next generation cybersecurity capabilities to enable connectivity from the internet into DoD resources and services hosted in commercial cloud environments. | 1.57 MB | 24 Aug 2021 | |
DevSecOps Enterprise Strategy | 979.3 KB | 04 Aug 2021 | |
DoD Enterprise DevSecOps Reference Design: CNCF Kubernetes | 3 MB | 23 Jun 2021 | |
DevSecOps Fundamentals Playbook - Ver 2, Rel 1<br>DevSecOps is a software engineering culture that guides a team to break down silos and unify software development, deployment, security and operations. Critical to the success of DevSecOps adoption is buy-in from all stakeholders, including: leadership, acquisition, contracting, middle-management, engineering, security, operations, development, and testing teams. Stakeholders across the organization must change their way of thinking from “I” to “we”, while breaking team silos, and understanding that the failure to successfully deliver, maintain, and continuously engineer software and its underlying infrastructure is the failure of the entire organization, not one specific team or individual. | 866.65 KB | 18 Jun 2021 | |
DevSecOps Fundamentals Guidebook: DevSecOps Tools & Activities - ver 2, rel 1<br>The goal of DevSecOps is to improve customer outcomes and mission value through the automation, monitoring, and application of security at every phase of the software lifecycle. Practicing DevSecOps requires an array of purpose-built tools and a wide range of activities that rely on those tools. This document conveys the relationship between each DevSecOps phase, a taxonomy of supporting tools for a given phase, and the set of activities that occur at each phase cross-referenced to the tool(s) that support the specific activity. | 1009.07 KB | 16 Jun 2021 | |
DoD Enterprise DevSecOps Fundamentals<br>This document is intended as an educational compendium of universal concepts related to DevSecOps, including normalized definitions of DevSecOps concepts. | 2.78 MB | 11 Jun 2021 | |
DoD Enterprise DevSecOps Strategy Guide<br>The DevSecOps Strategy Guide provides an executive summary of DevSecOps as a whole by establishing a set of strategic guiding principles that every approved DoD enterprise-wide DevSecOps reference design must support. This document is generally consumed by PEOs and anyone in non-technical leadership positions. | 1.86 MB | 11 Jun 2021 | |
Container Image Creation and Deployment Guide Version 2, Release 0.6<br>The Container Image and Deployment Guide will provide the technical requirements for container image creation and deployment within a container platform. | 880 KB | 17 Nov 2020 | |
DoD Enterprise DevSecOps Reference Design v1.0<br>The main purpose of this document is to provide a logical description of the key design components and processes to provide a repeatable reference design that can be used to instantiate a DoD DevSecOps software factory. | — | 09 Nov 2020 | |
Sunset - Docker Enterprise 2.x Linux/Unix STIG for Ansible - Ver 1, Rel 1 | 489.84 KB | 22 Jun 2020 | |

For questions or comments regarding DevSecOps content or documents, please contact the DISA SD DevSecOps Helpdesk: disa.meade.sd.mbx.docs-mailbox@mail.mil