Whitepaper

Achieving DevSecOps maturity with GitHub

August 13, 2020

GitHub has been rapidly evolving into a complete development platform over the past year and a half, with the addition of native CI/CD capabilities using GitHub Actions. But did you know that you can implement DevSecOps natively in GitHub Enterprise, using GitHub Advanced Security?

Before we dig into the how, let’s align on a definition of DevSecOps maturity. OWASP created the DevSecOps Maturity Model (DSOMM) framework to show which application security measures can be applied when using DevOps strategies and how they can be prioritized. DSOMM strives to incrementally increase the effectiveness of a security program from Level 1 (least mature) to Level 4 (a fully implemented DevSecOps program built into your DevOps practices).

There are four main evaluation criteria in DSOMM:

  1. Static depth: How comprehensive the static code scan you perform within the AppSec CI pipeline is

  2. Dynamic depth: How comprehensive the dynamic scan run within the AppSec CI pipeline is...
