DevOps Automated Governance Reference Architecture
Attestation of the Integrity of Assets in the Delivery Pipeline
Michael Nygard, Dr. Tapabrata "Topo" Pal, Stephen Magill, Sam Guckenheimer, John Willis
As more and more DevOps practices are automated, it becomes harder to capture the data required to ensure all security and compliance concerns are met.
Organizations need an automated way to track governance throughout the entire software delivery process so they can attest to the integrity of all assets and to the security of all running applications.
This paper is intended to guide organizations on implementing an automated process for tracking governance throughout the deployment pipeline by providing a reference architecture to help guide organizations on how to design and implement automated governance throughout the delivery pipeline.
A sample use case is also provided to further enforce these best practices.