About
DevSecOps paves the way for the future of work in NUS by bringing about a new way of working for application development, security and IT operations. It aims to drastically shorten the system development lifecycle, and provide continuous integration and continuous delivery (CICD) with security incorporated into the process. NUS can enjoy improved speed, security and quality in application development.
So how does it work?
Its adoption enables application modernisation by leveraging the following: GitHub source repository, build automation, build tool migration, Nexus Repository (an open source repository) migration, and Nexus IQ (scanning of open source components) onboarding. It lays the foundation for DevSecOps practices for future app development, and it will enable more pervasive automation in the development pipeline.
About GitHub: GitHub is an Internet hosting service for software development. It provides access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project it hosts.
With all these in-built features, it becomes much easier for everyone on the team to document and contribute to the projects.
Outcome
So far, we have deployed the GitHub Enterprise platform (Education) for source code management. It replaces the old Subversion (SVN) system, an opensource version control system. Currently, the migration of central Java/.Net apps to GitHub is ongoing and to date, 293 source code repositories for NUS IT projects have already been created in GitHub.
Here is a comparison summary between the legacy system and the newly adopted one, demonstrating the benefits with the adoption of DevSecOps:
