It’s not uncommon for government entities to look to tech leaders in the private sector for trends and technologies. Specifically, the Department of Defense (DoD) has made a concerted effort to modernize software development processes and tool acquisition. In this article, we will reference two 2019 reports created to guide the DoD’s DevSecOps implementation and ongoing success.
Adopting practices of innovative tech companies is a strong theme in both papers. After all, modern software companies have to develop and deliver quickly to stay competitive. As a rapidly growing and competitive SaaS organization ourselves, we know first-hand that successful software companies must develop best practices in the following three categories: software development, project management, and people management.
In this article, we’ll discuss how the GitKraken Suite of legendary developer tools empower government and military organizations to implement best practices for DevSecOps.
DevOps vs DevSecOps
The DevOps methodology—an organizational evolution focused on tools and processes that support faster production and better collaboration between development and operations—has become standard as best practice for development teams worldwide.
Learn more about why tech organizations worldwide are adopting DevOps and which tools will enable a successful transformation.
DevSecOps, on the other hand, is more nuanced and has an extreme emphasis on security. With that in mind, it should come as no surprise to learn that DevSecOps is commonly adopted by government and public sector entities responsible for confidential information and public safety.
What is the definition of DevSecOps?
DevSecOps is an organizational software engineering culture and practice that aims at unifying software development (Dev), security (Sec), and operations (Ops). The main characteristic of DevSecOps is to automate, monitor, and apply security at all phases of the software lifecycle.
– Thomas Lam, DoD Enterprise DevSecOps Reference Design
However, while security is an overarching focus of the methodology, DevSecOps is first and foremost centered around software development, and adopting a successful strategy will depend upon the tools and processes you enable at the front lines.
Software Development Standards
Source/Version Control
As is true of all modern, responsible software development, DevSecOps methods rely on the use of source control to track file changes and version history. Git is the adopted industry-standard system for version control, and any teams working to adopt a modern DevSecOps strategy will need to understand its complexities and advantages.
At its roots, Git is highly technical and requires extensive knowledge of complicated demands and frameworks; but when paired with the right set of tools, the limits of collaboration and productivity are endless.
DevSecOps Developer Tools
You would never report to duty without the proper equipment in hand, nor should software developers ever be without the proper tools to enable maximum productivity. Acquiring the right set of tools will help ensure your developers feel confident in their daily workflow, ultimately leading to fewer mistakes and improved performance.
Technologies and tools play a key role in DevSecOps practice to shorten the software lifecycle and increase efficiency.
– Thomas Lam, DoD Enterprise DevsecOps Reference Design
To achieve desired results, you’re going to want a tool, or set of tools, that accomplish:
- Secure access to hosted Git repositories
- Version control documentation
- Code review
- Team collaboration
- Project planning & management
- Issue tracking
- Team onboarding
GitKraken Git GUI
As previously mentioned, Git can be complicated. Thankfully, there are numerous tools available that makes the experience of using Git more intuitive and valuable, and the number 1 most important tool to invest in is a Git client.
The maverick among modern Git clients is GitKraken.
Join prestigious public sector organizations that rely on GitKraken to keep mission-critical projects on time and on budget.
Utilizing a robust tool like the GitKraken Git GUI will help leadership establish and implement workflow standards across teams; this makes it possible to accomplish better onboarding, reduce errors, and deliver faster.
Secure Access to Source Code
Whether your Git repositories are hosted or self-hosted on-premises for enhanced security, GitKraken integrates seamlessly with GitHub, GitLab, Bitbucket, and Azure DevOps, and their self-hosted equivalents.
If DevSecOps is a focus, it’s likely your team is hosting your Git repos in a firewalled environment on-premises. GitKraken has a team of technical implementation specialists to help you manage the setup process and can get your team up and running with the tool quickly, all while ensuring complete security of your source code.
Version Control Documentation
The concept of version control is having the ability to track changes to your source code over time. This can be valuable for many reasons, but one significant benefit is the ability to save past versions of the application and revert back if needed.
“For many DoD systems, source code is not available for inspection or testing, and DoD relies on suppliers to write code for new computer environments.” (Defense Innovation Board. “Software Is Never Done: Refactoring the Acquisition Code for Competitive Advantage.” Department of Defense, March 26, 2019, Office of Prepublication and Security Review.)
Because suppliers are not required to maintain codebases outside of active contracts, legacy code is not always migrated and is subsequently lost.
The GitKraken Git GUI will ensure that your team has access to your entire project’s history from the beginning of time. On top of that, the UI visualizes your repo in a central graph that makes it easy to quickly see who is working on what and who made what changes at any given point in time.
Commits are displayed chronologically, with your most recent changes at the top, including your Work In Progress (WIP). Branches and tags are listed on the left side of the graph, and the commit panel on the right is where files and changes are displayed, staged, and committed.
Code Review
Another foundational principle of DevSecOps is the reduction of risk; code review has been a proven strategy to avoid conflicts and increase the stability of the software delivered.
GitKraken encourages code review for teams through pull requests and provides integrations for remote repositories on GitHub, GitLab, Bitbucket, or Azure DevOps. The GitKraken Git GUI goes one step further to support pull request templates, giving your team members the ability to add additional context with descriptions and labels and assign reviewers. Pull requests can subsequently be approved and pushed directly through GitKraken by the reviewer; no context switching required.
Issue Tracking Integrations
Among other features, the GitKraken Git GUI stands apart from competitors with comprehensive issue tracking integrations with industry-standard tools used widely across development teams. What if your engineers never had to leave their coding environment to stay organized with their daily tasks and communicate progress to colleagues?
The GitKraken Git GUI allows for an optimized workflow by integrating with the following issue trackers:
The integrations allow for users to manage their issues directly from their coding interface and perform the following actions:
- View and filter issues/cards
- View issue/card details
- Create branches tied to issues/cards
- Add comments to issues/cards
- Edit issues/cards
- Create new issues/cards
Project Management Standards
Planning is a crucial phase of a successful DevSecOps lifecycle.
The plan phase involves activities that help the project manage time, cost, quality, risk, and issues.
– Thomas Lam, DoD Enterprise DevSecOps Reference Design
When you’re looking at a list of hundreds of items that need to get done, it can be difficult to identify which action items are the most important and will ultimately affect milestone goals. Furthermore, there is commonly a disconnect when attempting to communicate project progress and goals to senior leadership.
“The DevSecOps planning subsystem supports the activities in the plan phase using a set of communication, collaboration, project management, and change management tools. The planning tools assist human interaction and increase team productivity.” (Lam, Thomas. “DoD Enterprise DevSecOps Reference Design.” Chaillan, Nicolas, Version 1.0, Department of Defense, September 12, 2019, Office of Prepublication and Security Review)
DevSecOps Planning Tools
The GitKraken Git Client provides significant transparency in the central commit graph when it comes to showing what team members are working on which tasks, but the tool also integrates with two other products created for team collaboration and project management: GitKraken Timelines & GitKraken Boards.
GitKraken Timelines
GitKraken Timelines was created with some of the previously stated challenges in mind; our team needed a tool to help plan out large project goals and milestones in a format that could be communicated across departments. We also needed a tool that would allow us to iterate upon the plan as needed.
Timelines show major project milestones on a continuous line that represents time; each milestone flag highlights primary goals and when the milestone is scheduled to occur.
You can also overlay timelines on top of each other in the same view to compare product release timelines to avoid conflicts and overlaps. Each timeline maintains a unique color, so you can easily distinguish one from another.
It’s critical that all team members understand how their individual efforts affect an end goal; not only will it keep your developers more engaged, it incentivizes personal ownership of tasks and team collaboration.
Software projects must contribute to the overall aim of business and efforts must be aligned to that end goal.
– Defense Innovation Board, Software Is Never Done: Refactoring the Acquisition Code for Competitive Advantage
GitKraken Boards
GitKraken Boards allows development teams to view and track tasks in Kanban boards with columns that define the different steps in your workflow and cards that represent individual tasks. Tasks can be assigned to individuals or groups of developers, and progress meters allow everyone to see momentum and capacity.
One of the best parts about GitKraken Boards is the number of available integrations. Teams can integrate with Slack, the popular communication tool for enterprise teams, so developers can instantly receive notifications when tasks are assigned.
Automate Tasks with GitKraken Boards
GitKraken Boards also plays well with GitHub; developers can sync with GitHub Issues, automate the manipulation of cards on a board through GitHub Actions, and automate the advancement of cards based on pull request status and check build status by integrating with GitHub pull requests.
GitKraken Boards also integrates seamlessly with the other two tools highlighted in this article: the GitKraken Git GUI and Timelines. This makes it possible to keep track of tasks in real-time without switching tools, and helps teams visualize their day-to-day activities alongside higher-level company milestones.
“Adopt common tools from planning and requirements through deployment and operations.” (Lam, Thomas. “DoD Enterprise DevSecOps Reference Design.” Chaillan, Nicolas, Version 1.0, Department of Defense, September 12, 2019, Office of Prepublication and Security Review)
Selecting a set of tools that are designed to work in tandem will save you time and money on overhead, onboarding, and day-to-day productivity.
Get help onboarding your team to Git and GitKraken with our educational resources. Learn Git with GitKraken
People Management
Of course, the tools you choose to utilize will make or break your DevSecOps strategy, but just as important as the tech, are the people who will use it. Adopting DevSecOps will require a cultural shift and will likely adjust current governance within and across departments.
“DevSecOps describes an organization’s culture and practices enabling organizations to bridge the gap between developers, security team, and operations team. It requires organizations to shift their culture, evolve existing practices, adopt new technologies, and strengthen governance.” (Lam, Thomas. “DoD Enterprise DevSecOps Reference Design.” Chaillan, Nicolas, Version 1.0, Department of Defense, September 12, 2019, Office of Prepublication and Security Review)
Successful cultures are built around trust and respect; with DevSecOps, it’s no different. Mixed with open communication, transparency and ownership, and realistic expectations, your team will be equipped with a foundation for success.
Adopting DevSecOps in the Public Sector
With the help of the GitKraken Git GUI, GitKraken Timelines, and GitKraken Boards, you will be well on your way to accomplishing a successful DevSecOps initiative for your public sector organization.
Moving to DevSecOps improves agility and speeds new capabilities into the field. But it also requires new policies, processes, and cultural change.
– Thomas Lam, DoD Enterprise DevSecOps Reference Design
…and a little patience. 😉