DevSecOps Reference Architecture Guide
[Diagram: DevSecOps reference architecture pipeline. Only the figure's labels are recoverable here.]
Legend: Threat Detected; Neutralize; Security; Product Architect; Developer; SRE; Manual; Automated; Supply Chain; Observation; Deployment; Iterate.
Stages: Development, Integration, Content Trust, Delivery, AppStore / Play, Out of Band, Production, Continuous Observation, Continuous Education.
Practices labelled in the figure: threat modeling and design, OSSM, SAST, SCA, DAST, signing (commit, policy, CVA), infrastructure as code (IaC) tests, chaos experiments, dark/canary and green (live) deployments, data aggregation and data science models, security compliance/governance/risk, and a Security Operations Center (SOC) for investigation and forensics.
Stage Detail