DoD Enterprise DevSecOps Technology

  • Create and maintain DevSecOps pipelines (not just DevOps) so that each DoD service does not build its own stack and reinvent the wheel.
  • Create hardened container images in a dedicated artifacts repository with security built in and in compliance with FedRAMP/NIST (similar to the gold image concept).
  • Create a microservice architecture with service mesh (Istio).
  • Standardize metrics and define acceptable thresholds for test coverage, security, documentation, etc. to enable complete continuous deployment with pre-ATO embedded.
  • Leverage Kubernetes for orchestration to ensure automation, rolling updates, scale, security and visibility thanks to the sidecar security container concept.