New capabilities and improvements to the DevSecOps Reference Implementation.

Earlier this year, IBM introduced the DevSecOps Reference Implementation for audit-ready compliance across development teams, which provides a complete, secure software delivery lifecycle automated with IBM Cloud Continuous Delivery and other IBM Cloud services.

We’ve continued to enhance and improve this reference architecture, and today, we’re pleased to announce support for SonarQube, additional validations for image signing and new improvements to the getting-started experience. All of this will help your development teams to quickly launch a workflow that will build, scan, test and deploy your cloud-native applications, while ensuring security and compliance goals are met and evidence is retained for any future audits. 

New support for SonarQube

The DevSecOps reference implementation now supports SonarQube. SonarQube is an open-source platform that helps with continuous inspection of source code quality by performing static code analysis. This helps developers keep tabs on potential bugs and code duplication, enabling them to better handle code complexity while continuously targeting hard business deadlines. More information on configuring SonarQube in the DevSecOps reference implementation can be found here:

Example DevOps Insights Quality Dashboard with SonarQube integration.


Additional image signing validations

The DevSecOps reference implementation requires developers to self-sign their container images before they can be deployed to a production environment. The new image signing step in the reference implementation now validates the input for the correct format, ensuring the Gnu Privacy Guard (GPG) key provided is correct and avoiding rework. 

Improved getting-started experience

We’ve also improved the getting-started experience by adding a new IBM Cloud Dashboard tile for the DevSecOps reference implementation, highlighting new documentation that makes it easier for development teams to get started with the IBM Cloud Continuous Delivery DevSecOps templates. 

Now you can find the DevSecOps docs all in one place, with a new homepage that is regularly refreshed with content that contains all you need to know to get started, including recommendations, videos, links to IBM Developer content, the IBM Architecture Center and the IBM Community, where you can discuss IBM public cloud with IT ops managers, solution architects, SREs and other cloud professionals:

New DevSecOps documentation homepage.


Get started


More from Announcements

IBM TechXchange underscores the importance of AI skilling and partner innovation

3 min read - Generative AI and large language models are poised to impact how we all access and use information. But as organizations race to adopt these new technologies for business, it requires a global ecosystem of partners with industry expertise to identify the right enterprise use-cases for AI and the technical skills to implement the technology. During TechXchange, IBM's premier technical learning event in Las Vegas last week, IBM Partner Plus members including our Strategic Partners, resellers, software vendors, distributors and service…

Introducing Inspiring Voices, a podcast exploring the impactful journeys of great leaders

< 1 min read - Learning about other people's careers, life challenges, and successes is a true source of inspiration that can impact our own ambitions as well as life and business choices in great ways. Brought to you by the Executive Search and Integration team at IBM, the Inspiring Voices podcast will showcase great leaders, taking you inside their personal stories about life, career choices and how to make an impact. In this first episode, host David Jones, Executive Search Lead at IBM, brings…

IBM watsonx Assistant and NICE CXone combine capabilities for a new chapter in CCaaS

5 min read - In an age of instant everything, ensuring a positive customer experience has become a top priority for enterprises. When one third of customers (32%) say they will walk away from a brand they love after just one bad experience (source: PWC), organizations are now applying massive investments to this experience, particularly with their live agents and contact centers.  For many enterprises, that investment includes modernizing their call centers by moving to cloud-based Contact Center as a Service (CCaaS) platforms. CCaaS solutions…

See what’s new in SingleStoreDB with IBM 8.0

3 min read - Despite decades of progress in database systems, builders have compromised on at least one of the following: speed, reliability, or ease. They have two options: one, they could get a document database that is fast and easy, but can’t be relied on for mission-critical transactional applications. Or two, they could rely on a cloud data warehouse that is easy to set up, but only allows lagging analytics. Even then, each solution lacks something, forcing builders to deploy other databases for…