DevOps Automated Governance Reference Architecture

Attestation of the Integrity of Assets in the Delivery Pipeline

Michael Nygard, Dr. Tapabrata "Topo" Pal, Stephen Magill, Sam Guckenheimer, John Willis




As more and more DevOps practices are automated, it becomes harder to capture the data required to ensure all security and compliance concerns are met.

Organizations need an automated way to track governance throughout the entire software delivery process so they can attest to the integrity of all assets and to the security of all running applications.

This paper provides a reference architecture to guide organizations in designing and implementing an automated process for tracking governance throughout the delivery pipeline.

A sample use case is also provided to further reinforce these best practices.


Michael Nygard:
SVP, Enterprise Architecture & Platform Development, Sabre Corporation

Vice President, Architecture, Fidelity Investments

Vice President, Product Innovation, Sonatype

Product Owner, Azure DevOps, Microsoft (retired)

Senior Director Global Transformation Office, Red Hat