Distributed C2

DevSecOps

Practice of integrating security into continuous software delivery pipelines.

Definition

DevSecOps embeds security gates — vulnerability scanning, policy-as-code, hardened images — directly into CI/CD pipelines so that security is delivered with each release rather than reviewed at the end. The DoD Enterprise DevSecOps Reference Design is the canonical specification for defense programs.

Reference attributes

Reference: DoD Enterprise DevSecOps Reference Design

Related terms

#software-engineering