Control Areas
This is the Secure Software Development Lifecycle (SDLC) for Kosli.
The DevSecOps Framework defines the capabilities in a secure DevOps landscape.
The DevSecOps Framework provides:
- A vendor-agnostic approach
- A holistic view of managing insider threats
- A clear roadmap for a security-based DevOps implementation
Build Controls
SDLC-CTRL-0001: Version Control
SDLC-CTRL-0002: Artifact Binary Provenance
SDLC-CTRL-0003: Controlled Build Environment
SDLC-CTRL-0004: Dependency Management
SDLC-CTRL-0005: Infrastructure and Configuration as Code
SDLC-CTRL-0006: Secrets Scanning
Release Controls
SDLC-CTRL-0007: Code Review
SDLC-CTRL-0008: Quality Assurance
SDLC-CTRL-0020: Vulnerability Scanning (SAST)
SDLC-CTRL-0021: Vulnerability Scanning (SCA)
SDLC-CTRL-0022: Vulnerability Scanning (Containers)
SDLC-CTRL-0010: Deployment Approvals
Runtime Controls
SDLC-CTRL-0012: Change Records
SDLC-CTRL-0013: Deployment Controls
SDLC-CTRL-0014: Secrets Management
SDLC-CTRL-0015: System Access Controls
SDLC-CTRL-0016: Runtime Workload Monitoring
SDLC-CTRL-0023: Feature Flags
SDLC-CTRL-0018: Drift Detection