Achieving DevSecOps maturity with a developer-first, community-driven approach

GitHub has been rapidly evolving into a complete development platform over the past year and a half, with the addition of native CI/CD capabilities using GitHub Actions.

But did you know that you can implement DevSecOps natively in GitHub Enterprise, using GitHub Advanced Security?

In this ebook, we will explore the OWASP DevSecOps Maturity Model (DSOMM) and demonstrate how you can achieve:

  • Level 1 maturity by implementing software composition analysis (SCA)
  • Static application security testing (SAST)
  • Dynamic application security testing (DAST)
  • Secret scanning using GitHub-native capabilities within the developer workflow