DevSecOps


GBL is highly experienced in developing and managing Continuous Integration/Continuous Delivery (CI/CD) pipelines compliant with the DoD DevSecOps Reference Architecture on-premises and in DoD Clouds at Impact Level 5/6/6+. Using these techniques, GBL has successfully executed on multiple platforms and programs (e.g., F-35 and various Office of Naval Research and Strategic Capabilities Office efforts).

GBL’s experience includes the development of tools and processes to support the following pipelines:

Analyze and report on DevSecOps metrics and impacts of improvements to the DevSecOps environment

  • Static Application Security Testing (SAST) (e.g., Fortify, SonarQube)

  • Dynamic Application Security Testing (DAST) (e.g., Open Worldwide Application Security Project (OWASP) Zed Attack Proxy (ZAP), WebInspect)

  • Software Bill of Materials Analysis

Research and develop DevSecOps CI/CD pipelines supporting both cloud and on-premises environments

  • Unclassified, Secret, and above levels

Develop DevSecOps tools and capabilities using the following modern software development technologies and methodologies:

  • Agile, XP, and Test Driven Design (TDD)

  • Artificial Intelligence (AI) and Machine Learning (ML)

  • Microservice Architectures and Kubernetes (k8s)