20 DevSecOps Reference Architectures to Help
By Derek Weeks
3 minute read time
Sixty-five percent of people are visual learners. I’m one of them.
Over the past several months, I assembled 20 DevSecOps reference architectures from different organizations around the world. I have studied their patterns, similarities, and unique structures. They helped me to understand what I knew, and more importantly, didn’t yet know about DevSecOps.
DevSecOps according to the U.S. Department of Defense
In DevSecOps, pictures can be used to describe how work moves across the organization, where it starts, where it stops, where it intersects with other work, where it's efficient and where it's not. Reference architectures can help us visualize both work and relationships.
DevSecOps according to Larry Maccherone
We all want to improve DevSecOps practices
Another thing about reference architectures is that they can change. When the picture doesn't work the way we want it to do, we have an opportunity to modify it, to make the work more efficient, to streamline it, and to remove waste or inefficiencies from the picture or from the organizations.
A picture also describes how we work or how we want to work with our colleagues. Reference architectures can help us visualize connections that need to be made and how we want the organization to support the way that we work. The reference architectures can also help us describe what's human-centric and what's automated.
DevSecOps according to Acrosec
DevSecOps patterns from others emerge
A few years ago, I had assembled a large set of DevOps reference architectures. These pictures helped people better assess what they might want to start building or compare what they had already built against other work across the DevOps community. Those original reference architectures have now been viewed over 120,000 times on SlideShare.
I remember studying the pictures in that collection to identify when patterns had emerged. Others realized they could use them to validate choices they were making. They could ask themselves, “Is this organization doing something like mine?” or “Am I doing the right thing?”
Today, I’m sharing this collection of DevSecOps reference architectures to help more people on their organizational or personal journey. Similar to the last time I created such a collection, I will ask this community of readers to submit their own reference architectures to me, so that I can include them in the set. I am sure there are more out there, and the more we can all share them, the more we can learn from one another.
You can find the reference architectures here. If you have one to share, please send it to me here and I’ll update the set with full attribution to you.
DevSecOps Deeper Dives
The picture does not always tell the full story. Therefore, within each of these reference architectures, there's a link or a URL along with them that shows you where to find more detail from the blogs, conference presentations or the slide decks from which the images originated. By referencing those sources, I hope you will be able to learn more about what that organization was trying to achieve.
Please share these reference architectures with others so that we can all learn from the knowledge across our community. And, once again, if you have a picture to share, please send it along.
Written by Derek Weeks
Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.
Explore All Posts by Derek Weeks