PDCP DevSecOps Standard
The Public Health Data Center of Excellence (PDCP) will be utilizing DevSecOps principles to streamline its software development and deployment processes, and to ensure that security is integrated throughout the development lifecycle. This document provides an overview of the high-level DevSecOps principles and the benefits that DevSecOps will bring to PDCP.
DevSecOps is a software development and deployment approach that emphasizes collaboration, automation, and security. The following are the high-level DevSecOps principles that will be applied at PDCP:
- Shift left: This principle involves moving security and other testing activities earlier in the development lifecycle, so that issues can be detected and resolved earlier.
- Continuous integration and continuous delivery (CI/CD): This principle involves automating the build, test, and deployment processes to enable faster and more reliable releases.
- Automation: This principle involves automating as many tasks as possible, including testing, security scanning, and deployment.
- Culture of collaboration: This principle involves promoting a culture of collaboration between developers, security professionals, and operations teams, to ensure that everyone is working together to achieve common goals.
- Security as code: This principle involves treating security as code, so that security policies and controls can be managed and tested like any other code.
By adopting DevSecOps principles, PDCP will achieve the following benefits:
- Faster, more reliable releases: By automating the build, test, and deployment processes, PDCP will be able to release software faster and with fewer errors.
- Increased security: By integrating security throughout the development lifecycle, PDCP will be able to identify and remediate security issues earlier.
- Improved collaboration: By promoting a culture of collaboration, PDCP will be able to break down silos and ensure that everyone is working together to achieve common goals.
- Greater agility: By automating as many tasks as possible, PDCP will be able to respond more quickly to changing requirements and market conditions.
- Higher quality software: By adopting DevSecOps principles, PDCP will be able to achieve higher levels of software quality, as issues are identified and resolved earlier in the development lifecycle.
The adoption of DevSecOps principles at PDCP will enable faster, more reliable releases, increased security, improved collaboration, greater agility, and higher quality software. By following the high-level DevSecOps principles outlined in this document, PDCP will be able to achieve its software development and deployment goals more effectively and efficiently, while ensuring that security is integrated throughout the development lifecycle.
🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧
Under Development
- This wiki and the documents being developed under it are living documents.
- They are all pre-decisional.
- Some of these documents were generated using ChatGPT or were developed by other organizations for reuse and adaptation.
- Some of the documents in this wiki are early drafts; they make reference to things that do not exist or to processes not yet being used.
- The Center of Practice (COP) is best effort and will be developed iteratively. This includes the technology supporting the COP.
- At the early stages of the COP, expect change: short life cycles and rapid changes. Plan accordingly.
- Stability in the COP will materialize over time.
- For immediate reference, engage your COP support channel; use the documentation as a secondary source.
- There are references to the COP and PDCP in the documentation; these are the same entity. We haven't picked a name yet :)
All of the pages in this wiki should be considered draft, under development, and needing review. None of these pages are official documentation. All of the pages are a work in progress, and discussion is encouraged via the GitHub issues mechanism.
🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧🚧