# DevSecOps at DIT
## Overview
DevSecOps is the integration of security practices into every phase of the software development lifecycle. At DIT, DevSecOps is not a separate function—it is embedded into how we build, test, deploy, and operate all software systems.
This section outlines how DIT implements DevSecOps across its infrastructure, tooling, and workflows.
## Core Principles
### 1. Security as Code
Security policies, configurations, and infrastructure must be defined as code:
- Infrastructure is provisioned through GitOps
- Security scanning is automated in CI/CD pipelines
- Policies are enforced programmatically, not manually
### 2. Shift-Left Security
Security checks happen early—not after deployment:
- Static analysis runs on every Pull Request
- Dependency vulnerabilities are flagged before merge
- Container images are scanned before publishing
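The three shift-left checks above can be wired into a single GitHub Actions workflow. The workflow below is an added illustration, not DIT's own pipeline: it runs CodeQL static analysis on every pull request, blocks the merge when a newly introduced dependency carries a high-severity vulnerability, and builds the container image but only pushes it to the Harbor registry after a Trivy scan of that image has passed. The project path `example-project/example-service`, the `javascript` CodeQL language, and the `HARBOR_USERNAME` / `HARBOR_PASSWORD` secret names are placeholders chosen for the example; the registry host `reg.dev.krd` is the one named in the stack table.

```yaml
# Added example workflow (not part of DIT's repositories).
# Assumptions: the service is JavaScript/TypeScript, the image is published to the
# Harbor registry reg.dev.krd, and the two Harbor secrets exist in the repository.
name: shift-left-security

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read
  security-events: write   # required to upload CodeQL SARIF results

jobs:
  static-analysis:
    # Static analysis runs on every Pull Request (and on main).
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript   # placeholder: adjust to the project's language
      - uses: github/codeql-action/analyze@v3

  dependency-review:
    # Dependency vulnerabilities are flagged before merge: the check only
    # makes sense on pull requests, where a base/head diff exists.
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: high

  image-scan-and-publish:
    # Container images are scanned before publishing: build locally, scan,
    # and push only when the scan passed and we are on main.
    needs: [static-analysis]
    runs-on: ubuntu-latest
    env:
      IMAGE: reg.dev.krd/example-project/example-service:${{ github.sha }}  # placeholder path
    steps:
      - uses: actions/checkout@v4
      - name: Build image locally (nothing is pushed yet)
        run: docker build -t "$IMAGE" .
      - name: Scan the built image; fail on unfixed CRITICAL/HIGH findings
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ${{ env.IMAGE }}
          severity: CRITICAL,HIGH
          ignore-unfixed: true
          exit-code: '1'
      - name: Log in to Harbor
        if: github.event_name == 'push'
        uses: docker/login-action@v3
        with:
          registry: reg.dev.krd
          username: ${{ secrets.HARBOR_USERNAME }}
          password: ${{ secrets.HARBOR_PASSWORD }}
      - name: Push only after the scan passed
        if: github.event_name == 'push'
        run: docker push "$IMAGE"
```

Two design points matter here: the push step is ordered after the scan step and gated on the `push` event, so a pull request can never publish an image, and `exit-code: '1'` makes the scan a real quality gate rather than an informational report. Tagging the image with `github.sha` also gives every published image a stable, traceable reference back to the commit that produced it.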
### 3. Immutable Infrastructure
All deployments are based on:
- Immutable container images built from Dockerfiles
- GitOps-managed Kubernetes manifests
- No manual changes to running environments
### 4. Continuous Compliance
Compliance and security posture are continuously validated:
- Automated code quality gates via SonarQube
- Policy enforcement in Kubernetes via admission controllers
- Audit trails maintained through Git history and container registries
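As an added example of programmatic policy enforcement via admission controllers (this is illustrative and not a policy taken from DIT's clusters), the manifests below use the Kubernetes-native `ValidatingAdmissionPolicy` API, which is stable in the v1.33+ versions listed in the stack table. The policy rejects any Deployment whose containers do not come from the Harbor registry `reg.dev.krd`, that use a mutable `:latest` tag, or that are not declared to run as non-root. The namespace exclusions and the policy names are assumptions made for the example.

```yaml
# Added example (not DIT's own policy). Assumes Kubernetes v1.30+ where
# admissionregistration.k8s.io/v1 ValidatingAdmissionPolicy is available.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: require-trusted-immutable-images   # placeholder name
spec:
  failurePolicy: Fail   # if the policy cannot be evaluated, reject rather than silently admit
  matchConstraints:
    resourceRules:
      - apiGroups: ["apps"]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["deployments"]
  validations:
    # Images must be pulled from the Harbor registry named in the stack table.
    - expression: >-
        object.spec.template.spec.containers.all(c,
          c.image.startsWith('reg.dev.krd/'))
      message: "all container images must come from reg.dev.krd"
    # ':latest' is mutable, so it contradicts the immutable-image principle.
    - expression: >-
        object.spec.template.spec.containers.all(c,
          !c.image.endsWith(':latest'))
      message: "container images must not use the mutable ':latest' tag"
    # Each container must explicitly opt in to running as a non-root user.
    - expression: >-
        object.spec.template.spec.containers.all(c,
          has(c.securityContext) &&
          has(c.securityContext.runAsNonRoot) &&
          c.securityContext.runAsNonRoot == true)
      message: "every container must set securityContext.runAsNonRoot: true"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: require-trusted-immutable-images-binding   # placeholder name
spec:
  policyName: require-trusted-immutable-images
  validationActions: [Deny]   # use [Audit] or [Warn] first to measure impact before enforcing
  matchResources:
    namespaceSelector:
      matchExpressions:
        # Assumed exclusions: system namespaces and the Flux controller namespace.
        - key: kubernetes.io/metadata.name
          operator: NotIn
          values: ["kube-system", "flux-system"]
```

Because the policy and its binding are plain manifests, they belong in the same GitOps repository that FluxCD reconciles, which keeps the Git history as the audit trail for policy changes in the same way it already is for application manifests. Rolling the binding out with `validationActions: [Audit]` first lets the API server log violations without blocking workloads, so existing Deployments can be fixed before the action is switched to `Deny`.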
## DIT DevSecOps Stack
| Component | Tool / Platform |
|---|---|
| Source Control | GitHub (github.com/ditkrg) |
| CI/CD | GitHub Actions |
| Container Registry | Harbor (reg.dev.krd) |
| GitOps | FluxCD |
| Orchestration | Kubernetes (v1.33+) |
| Code Quality | SonarQube |
| Secrets Management | Infisical + Sealed Secrets |
| Observability | Groundcover (eBPF-based) |
| Tracing | OpenTelemetry |
| Error Tracking | Sentry |
| Infrastructure as Code | Pulumi |
## Document Structure
This section is organized into the following guides:
- Dockerfile Best Practices – How to write secure, efficient, and maintainable Dockerfiles
- GitHub Actions – How DIT uses GitHub Actions for CI/CD pipelines
- FluxCD – GitOps-based continuous delivery to Kubernetes
- Kubernetes – Container orchestration standards and best practices
- SonarQube – Code quality and security analysis
- Observability – Tracing, logging, and monitoring with Groundcover and OpenTelemetry
By following these DevSecOps standards, DIT ensures that security, reliability, and operational excellence are built into every system from the start.
