October 21, 2021 By Steven Weaver 2 min read

New capabilities and improvements to the DevSecOps Reference Implementation.

Earlier this year, IBM introduced the DevSecOps Reference Implementation for audit-ready compliance across development teams, which provides a complete, secure software delivery lifecycle automated with IBM Cloud Continuous Delivery and other IBM Cloud services.

We’ve continued to enhance and improve this reference architecture, and today, we’re pleased to announce support for SonarQube, additional validations for image signing and new improvements to the getting-started experience. All of this will help your development teams to quickly launch a workflow that will build, scan, test and deploy your cloud-native applications, while ensuring security and compliance goals are met and evidence is retained for any future audits. 

New support for SonarQube

The DevSecOps reference implementation now supports SonarQube. SonarQube is an open-source platform that helps with continuous inspection of source code quality by performing static code analysis. This helps developers keep tabs on potential bugs and code duplication, enabling them to better handle code complexity while continuously targeting hard business deadlines. More information on configuring SonarQube in the DevSecOps reference implementation can be found here:

Example DevOps Insights Quality Dashboard with SonarQube integration.


Additional image signing validations

The DevSecOps reference implementation requires developers to self-sign their container images before they can be deployed to a production environment. The new image signing step in the reference implementation now validates the input for the correct format, ensuring the Gnu Privacy Guard (GPG) key provided is correct and avoiding rework. 

Improved getting-started experience

We’ve also improved the getting-started experience by adding a new IBM Cloud Dashboard tile for the DevSecOps reference implementation, highlighting new documentation that makes it easier for development teams to get started with the IBM Cloud Continuous Delivery DevSecOps templates. 

Now you can find the DevSecOps docs all in one place, with a new homepage that is regularly refreshed with content that contains all you need to know to get started, including recommendations, videos, links to IBM Developer content, the IBM Architecture Center and the IBM Community, where you can discuss IBM public cloud with IT ops managers, solution architects, SREs and other cloud professionals:

New DevSecOps documentation homepage.


Get started

More from Announcements

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

IBM and MuleSoft expand global relationship to accelerate modernization on IBM Power 

2 min read - As companies undergo digital transformation, they rely on APIs as the backbone for providing new services and customer experiences. While APIs can simplify application development and deliver integrated solutions, IT shops must have a robust solution to effectively manage and govern them to ensure that response times and costs are kept low for all applications. Many customers use Salesforce’s MuleSoft, named a leader by Gartner® in full lifecycle API management for seven consecutive times, to manage and secure APIs across…

IBM Consulting augments expertise with AWS Competencies: A win-win for clients 

3 min read - In today's dynamic economic landscape, businesses demand continuous innovation and speed of execution. At IBM Consulting®, our unwavering focus on partnerships and shared commitment to delivering enterprise-level solutions to mutual clients have been core to our success.   We are thrilled to announce that IBM® has recently gained five competencies from Amazon Web Services (AWS) in vital domains including Cloud Operations, Internet of Things (IoT), Life Sciences, Mainframe Modernization, and Telecommunications. With these credentials, IBM further establishes its position as a…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters