GitHub has been rapidly evolving into a complete development platform over the past year and a half, with the addition of native CI/CD capabilities using GitHub Actions. But did you know that you can implement DevSecOps natively in GitHub Enterprise, using GitHub Advanced Security?
Before we dig into the how, let’s align on a definition of DevSecOps maturity. OWASP created the DevSecOps Maturity Model (DSOMM) framework to show application security measures which can be applied when using DevOps strategies and how these can be prioritized. DSOMM strives to incrementally increase the effectiveness of a security program from Level 1 (least mature) to Level 4 (a fully implemented DevSecOps program built into your DevOps practices).
There are four main evaluation criteria in DSOMM:
- Static depth: How comprehensive the static code scan that you are performing within the AppSec CI pipeline is
- Dynamic depth: How comprehensive the dynamic scan that is being run within the AppSec CI pipeline is...
Download the PDF to keep reading →