DEVOPSdigest

OpsMx announced extensions to OpsMx Intelligent Software Delivery (ISD) that make it a CI/CD solution designed for secure software delivery and deployment.

By adding OpsMx ISD Security to their existing software lifecycle, organizations can prevent the introduction of security issues, discover and more quickly resolve vulnerabilities in production environments, and capture a delivery bill of materials (DBOM). The solution has been developed in collaboration with and is being deployed by OpsMx customers that include Fortune 10 enterprises and global leaders in financial services, healthcare, and technology. The announcement was made today at cdCon + GitOpsCon 2023.

“The attack surface of delivery processes, DevOps tools, and deployments keeps increasing, yet companies and security vendors continue to focus just on attacks in production or attacks through code,” said Gopal Dommety, CEO and founder of OpsMx. “Even security-conscious enterprises are often forced to operate on an honor system when it comes to enforcing software delivery policies. With these new capabilities, OpsMx is providing the security guardrails to ‘trust, but verify,’ keeping developers productive while giving DevOps teams the security posture management that they need.”

The security capabilities of OpsMx Intelligent Software Delivery (ISD) help organizations prevent potential security issues, discover and resolve vulnerabilities in their environment, and demonstrate secure software delivery.

- Prevent Security Issues. Prevention starts with tightly controlling the delivery and deployment process. OpsMx enforces policies, such as mandatory security checks, in the delivery process. Security controls over who can modify the delivery pipelines and policies further ensure protection. When manual approvals are required, OpsMx offers AI/ML support to automatically calculate a security score on a new release and recommend if it should be deployed. New releases can also be compared to prior releases to see the specific security impacts and guide deployment decisions.

- Resolve Security Vulnerabilities. Resolution starts with synthesizing the contents and delivery history of currently deployed applications. From this data, OpsMx identifies current CVEs and CIS vulnerabilities. Using a definitive record of what was deployed where, OpsMx can precisely trace the location of a vulnerability, significantly shortening time to resolution. As new open source vulnerabilities are discovered, OpsMx issues alerts with pointers to where action is required.

- Secure End-to-End Delivery Processes. OpsMx provides end-to-end traceability of the delivery of every application and service, captured in a delivery bill of materials (DBOM), the operations equivalent to the development team’s software bill of materials (SBOM). OpsMx’s definitive audit record of each step in delivery and deployment includes all approvals and the output of tools included in the process, such as SonarQube, Jira, or ServiceNow. If an exception is granted to deploy a vulnerability, OpsMx captures a record of the exception and sets a trigger for future review.

Together, these capabilities enable DevOps security posture management in alignment with the NIST Cybersecurity Framework. Now DevOps teams have the tools to attest to the security of the delivery and deployment process, just as development teams attest to the security of their code.

OpsMx Security extensions are part of OpsMx ISD Release 4.0, now available for private preview and generally available in July, 2023.

Customers may implement OpsMx ISD as a comprehensive, security-first CD solution, or use OpsMx ISD Security as an add-on module to their current CD solution. OpsMx ISD Security integrates with Spinnaker and Argo today, with support for Jenkins, GitHub Actions, and additional CD solutions coming later this year.