about.md

File metadata and controls

48 lines (31 loc) · 3.21 KB
layout title
default
About DevSecOps Capability Model

Why Dev(Sec)Ops

Software delivery performance is a critical lever that a company has to improve organisational performance. DevSecOps is a philosophy and mindset that will improve your software delivery performance. Functional excellence in this discipline correlates strongly with high software delivery performance.

As the image below from the Google State of DevOps report 2019 shows, it is quite evident how much better elite performers (Level 4) perform than low performers (Level 1).

[Image: elite performers]

How do you improve at Dev(Sec)Ops?

Use this capability model to map where you are currently on the DevSecOps journey. Start out by assessing your teams and then use the model to drive and monitor change in maturity for each team. This tool will help you make more tactical investment choices based on the functional excellence you require for your product, as well as identify issues in your teams.

Look at the principles matrix and read the questions, then score yourself/your team for each principle based on your answers. Simply fork the project, modify data/data.json, and change the team names and scores to model your organisation. You can even add your own principles to model your organisation's capability needs. At the moment the system will handle up to 12 teams' scores (before we run out of colours).

Thanks

This capability model was derived, influenced and inspired by:

Thanks to Timo Pagel for the DevSecOps maturity project which was the original stimulus for this project.

Props to Nadieh Bremer for the original Radar d3.js radar code.

Observability Strategy

First published by Jujhar in March 2019

DevSecOps

Why the Sec in DevSecOps? For the last two years the industry has been pushing to shift elements of security (in particular AppSec and CloudSec) as far left (that is, as early in the process) as possible. It turns out that DevOps-enfranchised teams are well placed to do this work.

Licence

MIT. So go fill your boots.