Featured » DevOps » DevSecOps for US Federal agencies (FIPs, STIGs, auditors, AOs, and all that)

× Share this Article

Facebook
Twitter
Email
LinkedIn

DevSecOps for US Federal agencies (FIPs, STIGs, auditors, AOs, and all that)

January 27, 2021 Michael Coté

Share this Article
Facebook
Twitter
Email
LinkedIn

When Federal people ask to secure a DevOps app creation and delivery process, what do they mean? Chris Willis joins Coté in this episode to answer that question with a #vmwaretanzu customer example: the Tanzu Build Service, buildpacks, Tanzu Application Service (Pivotal Cloud Foundry), and other components. He covers FIPS encryption requirements, STIGs, working with the authorizing official, and the overall practices and culture-think for securing build pipelines.

Mentioned in the show:

Get a free consultation on DevSecOps with Tanzu Labs.
Free Forrester paper on container security.
Explainer of VMware Tanzu’s DevSecOps Tools.

About the Author

Michael Coté works on the advocates team for VMware Tanzu. See @cote for more.
More Content by Michael Coté

Tanzu Talk: Scaling Skills and Culture, with Richard Watson

Rita and Coté talk with Richard Watson about DevOps and kubernetes skills, training, and spreading change i...

How VMware IT Runs Modern Applications Better and Faster

by Varinder Kumar, Senior IT Director Manas Singh, IT Manager—Application Platforms, and Pervinder Sudan,...

DevSecOps for US Federal agencies (FIPs, STIGs, auditors, AOs, and all that)

About the Author

Previous

Next

DevSecOps for US Federal agencies (FIPs, STIGs, auditors, AOs, and all that)

About the Author

Previous

Next

Related content in this Stream

Internal developer platforms (IDPs) might be the latest innovation to hit the platform space, but they represent the culmination of at least a decade of efforts by development, platform and DevOps tea

Containers are popular with both developers and operators because they offer a straightforward way to deploy and manage applications, regardless of the target environment. They facilitate DevOps (and

Please join Nate Schutta and guest Valarie Regas. Valarie is a DevOps fanatic, a Georgia Tech coding bootcamp graduate, and a veteran mommy. She holds a BA in Psychology and currently works as a Devel

In the DevOps, cloud, platform world we're told that operations people starting working closely with developers. This week @thecote been asked "does that really happen?" several times. We discuss...

In the DevOps, cloud, platform world we're told that operations people starting working closely with developers. This week @thecote been asked "does that really happen?" several times. We discuss the

VMware Tanzu Application Platform is a next-generation Kubernetes-based DevOps platform that helps your developers be more productive. The Tanzu Application Platform GUI is built with the Backstage op

Securing the software supply chain is becoming increasingly critical, not only to prevent cyber threats, but also to comply with the executive order from the White House. DevOps teams need to make it

Coté puts together a talk looking out how to use things like OpenAI ChatGPT to make digital transformation, DevOps/culture, whatever and etc. better, if not just less annoying. Chapters: 00:04 - Tes

All that digital transformation, DevOps, whatever stuff is going to require organization change. For reals! Make sure you can actually do it. More: https://tanzu.vmware.com/content/ebooks/the-business

We check-in on "platform engineering," and ponder the theory that it's "DevOps for kubernetes." Also, Coté gives his theory on the rise of platform engineering. In the news section, we cover some of t

We check-in on "platform engineering," and ponder the theory that it's "DevOps for kubernetes." Also, Coté gives his theory on the rise of platform engineering. In the news section, we cover some...

How does the community process work at the CNCF? Dims tells us, and then he discusses it with Alex Williams of @TheNewStack and Coté of @vmware.

Build your own automation platform in 20mn, one artisanal script at a time. Solomon Hykes shows how with #ProjectCloak.

Index: 0:00 - Disclaimer and fun intro video. 0:55 - Presentation. 21:10 - Interview

...with Duffie Cooley of Isovalent.

Jen Kelly goes over what Backstage is. She then talks with Alex Williams from @TheNewStack. Index: 1:06 - Jeny Kelly 15:14 - Interview with Alex Williams

In this episode from VMware Explore, Lukas first goes over vcluster and loft.sh. Then Coté and Alex Williams discuss those topics and kubernetes in general with Lukas.

If you're doing anything with programming, apps, or the software you build and use to run your organization, check out the sessions we have at #VMwareExplore 2022, coming up August 29th to September 1

Moving to the cloud is hard. Even born-in-the-cloud companies worry about keeping their growth on track and their technical debt in check. Given the demands decision makers face for growth, innovation