Anyone familiar with the process of achieving an Authority to Operate (ATO) understands that it is often fraught with issues that can hold up the development and delivery of software products to customers. Software development teams need an effective development strategy to shorten these timelines and even make a continuous ATO possible.
DevSecOps is becoming increasingly popular in the Federal Government as a way to push through these limitations. By leveraging the continuous practices that come with DevSecOps, such as Continuous Monitoring, Continuous Inspection and Continuous Testing, a development team can maintain a robust security and development posture and more easily navigate the Risk Management Framework (RMF) and ATO process.
Dave Rabrun, a software architect at Evans & Chambers, presented a virtual tech talk on building out a DevSecOps pipeline with readily available open-source tools and libraries. Dave showcased the benefits of continuous inspection tools such as SonarQube and Arachni. From there, he presented a seamless DevSecOps pipeline that leveraged development with GitHub, integration with Jenkins and deployment with AWS CloudFormation.
About the EC Tech Talk Series
The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.