The U.S. Department of Defense – A Role Model for DevSecOps

Several years ago, few would have thought that a government agency would be at the forefront of application development tooling and processes, daring the civilian world to keep up with its shift-left know-how. But that’s exactly what’s happening in the U.S. Department of Defense, which is implementing the Enterprise DevSecOps Initiative to enable agencies to increase the warfighter’s competitive advantage by developing applications more rapidly and securely.

As StackRox found in our recent survey, 83% of organizations currently have a DevSecOps initiative, and the DoD is leading the charge. To support the Enterprise DevSecOps Initiative, the DoD-wide Platform One team was formed to ensure the U.S. maintains its leadership in readiness and innovation, signaling a fundamental shift in the way DoD entities build, deploy and run mission-critical applications.

Enabling DevSecOps Innovation at the DoD

We’re proud to have our software included as a Kubernetes-native container security platform in the Iron Bank artifact repository, accredited for use across the DoD entities served by Platform One. The StackRox Kubernetes Security Platform is also certified for compliance with the DoD Enterprise DevSecOps Container Hardening guide.

“StackRox, with its Kubernetes-native approach to securing microservices environments, makes it easier for cyber teams to shift left and apply controls early in the development cycle and embed security policies in code,” said Nicolas M. Chaillan, Chief Software Officer, U.S. Air Force, and Co-Lead, DoD Enterprise DevSecOps Initiative.

Next-Gen Container Security Leading the Way

Running inside Platform One and other federal agencies, StackRox is rapidly becoming a standard for government entities that are seeking next-gen container security and shifting left as part of their DevSecOps initiatives. In addition to its inclusion in Iron Bank, the StackRox Kubernetes Security Platform also recently won a Phase II award to secure containerized applications inside the U.S. Air Force AFWERX and Department of Defense. We also secured a Phase III contract with the Department of Homeland Security to deploy our Kubernetes security platform inside a large U.S. bank to protect its application development environment.

The StackRox Kubernetes Security Platform is also on the approved product list for the Department of Homeland Security CDM Program. Agencies can easily leverage StackRox to extend CDM security controls to their containerized and Kubernetes environments. To date, we’ve already helped several agencies accelerate their app modernization and DevSecOps efforts through our next-gen, Kubernetes-native approach to container security and compliance.

Join the DevSecOps Movement

Following the lead of Platform One and government agencies at the “tip of the spear” in the DevSecOps movement, both the public and private sectors can benefit from the innovations coming out of the DoD. Nicolas Chaillan and several others spoke about their innovative approaches at our recent Federal DevSecOps Summit, highlighting the importance of shifting left and adopting a Kubernetes-native approach to container security.

If you’d like to learn more about how StackRox is helping our federal agencies accelerate their pace of innovation and move to DevSecOps, we encourage you to request a private demo. And, as always, feel free to drop us a line – we’d love to hear your thoughts.