SEI Blog | Continuous Deployment of Capability

SEI Blog | Continuous Deployment of Capabilityhttp://sei.cmu.edu/feeds/topic/continuous-deployment-capability/atom/?utm_source=blog&utm_medium=rss2025-07-14T00:00:00-04:00Updates on changes and additions to the SEI Blog for posts matching Continuous Deployment of CapabilityA Practitioner-Focused DevSecOps Assessment Approach2025-07-14T00:00:00-04:002025-07-14T00:00:00-04:00Aaron Reffett, Timothy A. Chickhttps://www.sei.cmu.edu/blog/a-practitioner-focused-devsecops-assessment-approach/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Regular DevSecOps assessments are necessary to track progress, adapt to evolving needs, and ensure you are consistently delivering value to your end users with speed, security, and efficiency.

A 5-Stage Process for Automated Testing and Delivery of Complex Software Systems2025-05-21T00:00:00-04:002025-05-21T00:00:00-04:00Caden Milne, Lyndsi Hugheshttps://www.sei.cmu.edu/blog/a-5-stage-process-for-automated-testing-and-delivery-of-complex-software-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Managing and maintaining deployments of complex software present engineers with a multitude of challenges including security vulnerabilities.

The DevSecOps Capability Maturity Model2025-03-10T00:00:00-04:002025-03-10T00:00:00-04:00Timothy A. Chick, Brent Frye, Aaron Reffetthttps://www.sei.cmu.edu/blog/the-devsecops-capability-maturity-model/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Implementing DevSecOps can improve multiple aspects of the effectiveness of a software organization and the quality of the software for which it is responsible.

Acquisition Archetypes Seen in the Wild, DevSecOps Edition: Cross-Program Dependencies2024-09-03T00:00:00-04:002024-09-03T00:00:00-04:00William Novakhttps://www.sei.cmu.edu/blog/acquisition-archetypes-seen-in-the-wild-devsecops-edition-cross-program-dependencies/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Shared capabilities can help manage costs and complexities but can also result in cross-program dependencies. This post examines this phenomenon in a DevSecOps context.

Cultivating Kubernetes on the Edge2024-07-08T00:00:00-04:002024-07-08T00:00:00-04:00Patrick Earl, Jeffrey Hamed, Doug Reynolds, José Moraleshttps://www.sei.cmu.edu/blog/cultivating-kubernetes-on-the-edge/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Members of the SEI DevSecOps Innovation team were asked to explore an alternative to VMware’s vSphere Hypervisor in an edge compute environment. This post explores their prototype.

Polar: Improving DevSecOps Observability2024-05-06T00:00:00-04:002024-05-06T00:00:00-04:00Morgan Farrah, Vaughn Coates, Patrick Earlhttps://www.sei.cmu.edu/blog/polar-improving-devsecops-observability/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post introduces Polar, a DevSecOps framework developed as a solution to the limitations of traditional batch data processing.

Example Case: Using DevSecOps to Redefine Minimum Viable Product2024-03-11T00:00:00-04:002024-03-11T00:00:00-04:00Joseph Yankelhttps://www.sei.cmu.edu/blog/example-case-using-devsecops-to-redefine-minimum-viable-product/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This SEI blog post, authored by SEI interns, describes their work on a microservices-based software application, an accompanying DevSecOps pipeline, and an expansion of the concept of minimum viable product to minimum viable process.

Acquisition Archetypes Seen in the Wild, DevSecOps Edition: Clinging to the Old Ways2023-12-18T00:00:00-05:002023-12-18T00:00:00-05:00William Novakhttps://www.sei.cmu.edu/blog/acquisition-archetypes-seen-in-the-wild-devsecops-edition-clinging-to-the-old-ways/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This SEI blog post draws on SEI experiences conducting independent technical assessments to examine problems common to disparate acquisition programs. It also provides recommendations for recovering from these problems and preventing them from recurring.

Extending Agile and DevSecOps to Improve Efforts Tangential to Software Product Development2023-08-07T00:00:00-04:002023-08-07T00:00:00-04:00David Sweeney, Lyndsi Hugheshttps://www.sei.cmu.edu/blog/extending-agile-and-devsecops-to-improve-efforts-tangential-to-software-product-development/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

The modern software engineering practices of Agile and DevSecOps have revolutionized the practice of software engineering. This blog post explores use of these practices in capability delivery and business mission.

5 Challenges to Implementing DevSecOps and How to Overcome Them2023-06-12T00:00:00-04:002023-06-12T00:00:00-04:00Joseph Yankel, Hasan Yasarhttps://www.sei.cmu.edu/blog/5-challenges-to-implementing-devsecops-and-how-to-overcome-them/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

The shift from project- to program-level thinking raises numerous challenges to DevSecOps implementation. This SEI Blog post articulates these challenges and ways to overcome them.

Actionable Data from the DevSecOps Pipeline2023-05-01T00:00:00-04:002023-05-01T00:00:00-04:00Bill Nichols, Julie Cohenhttps://www.sei.cmu.edu/blog/actionable-data-from-the-devsecops-pipeline/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

In this blog post, we explore decisions that program managers make and information they need to confidently make decisions with data from DevSecOps pipelines.

Writing Ansible Roles with Confidence2022-11-07T00:00:00-05:002022-11-07T00:00:00-05:00Matthew Heckathornhttps://www.sei.cmu.edu/blog/writing-ansible-roles-with-confidence/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

How do you write Ansible roles in a way where you can be confident your role works as intended? This post provides guidance on how to best begin developing Ansible roles.

A Technical DevSecOps Adoption Framework2022-10-24T00:00:00-04:002022-10-24T00:00:00-04:00Vanessa Jackson, Lyndsi Hugheshttps://www.sei.cmu.edu/blog/a-technical-devsecops-adoption-framework/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post describes our new DevSecOps adoption framework that guides the planning and implementation of a roadmap to functional CI/CD pipeline capabilities.

Combining Security and Velocity in a Continuous-Integration Pipeline for Large Teams2022-07-11T00:00:00-04:002022-07-11T00:00:00-04:00Alejandro Gomezhttps://www.sei.cmu.edu/blog/combining-security-and-velocity-in-a-continuous-integration-pipeline-for-large-teams/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post explores how one team managed—and eventually resolved—the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps practices.

Modeling DevSecOps to Protect the Pipeline2022-06-13T00:00:00-04:002022-06-13T00:00:00-04:00Timothy A. Chick, Joseph Yankelhttps://www.sei.cmu.edu/blog/modeling-devsecops-to-protect-the-pipeline/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post presents a DevSecOps Platform-Independent Model that uses model based system engineering constructs to formalize the practices of DevSecOps pipelines and organize guidance.

From Model-Based Systems and Software Engineering to ModDevOps2021-11-22T00:00:00-05:002021-11-22T00:00:00-05:00Jerome Hugues, Joseph Yankelhttps://www.sei.cmu.edu/blog/from-model-based-systems-and-software-engineering-to-moddevops/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Introduction to ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) technology

The Role of DevSecOps in Continuous Authority to Operate2021-10-04T00:00:00-04:002021-10-04T00:00:00-04:00Tom Scanlonhttps://www.sei.cmu.edu/blog/the-role-of-devsecops-in-continuous-authority-to-operate/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

DevSecOps favors rapid development and deployment. Such rapid development and deployment must be balanced against the need to ensure software systems are secure with minimal risk, thus enabling them to receive timely ATOs and continuous ATOs.

Taking DevSecOps to the Next Level with Value Stream Mapping2021-05-24T00:00:00-04:002021-05-24T00:00:00-04:00Nanette Brownhttps://www.sei.cmu.edu/blog/taking-devsecops-to-the-next-level-with-value-stream-mapping/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post explores the relationship between DevSecOps and value stream mapping, both of which are rooted in the Lean approach to systems and workflow. It also provides guidance on preparing to conduct value stream mapping within a software-intensive product development environment.

Aligning DevSecOps and Machine Learning2021-05-03T00:00:00-04:002021-05-03T00:00:00-04:00Luiz Antuneshttps://www.sei.cmu.edu/blog/aligning-devsecops-and-machine-learning/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Luiz Antunes explores the machine learning (ML) and DevSecOps domains and proposes ways to use them in collaboration for increased performance.

The Current State of DevSecOps Metrics2021-03-29T00:00:00-04:002021-03-29T00:00:00-04:00Bill Nicholshttps://www.sei.cmu.edu/blog/the-current-state-of-devsecops-metrics/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

DevSecOps practices yield useful, valuable information about software performance that is likely to lead to innovations in software engineering metrics.