Overview
Introduction
Welcome to Flarekit's Secure Software Development Lifecycle (SSDLC). This page provides an overview of our key security practices. Our DevSecOps Framework defines the essential capabilities for maintaining a secure DevOps environment. It uses a vendor-neutral approach, effectively manages insider threats, and provides a clear plan for implementing security-focused DevOps practices.
Secure Build
Artifact Binary Provenance: Explains what artifact binary provenance is.
Version Control: Covers how we use Bitbucket for version control, detailing our branching strategies and the protections we have in place.
Defined Toolchain: Discusses the importance of using a defined toolchain and how it helps maintain a secure build environment.
Dependency Management: Outlines how we manage dependencies to ensure software integrity and compliance with licensing requirements.
Secure Process
Code Review: Details our code review process and how it ensures the quality and security of our code.
Quality Assurance: Outlines the quality assurance practices we follow to maintain high standards in our software development.
Security Vulnerability Scanning: Explains how we scan for security vulnerabilities and the tools we use to identify and address potential risks.
Deployment Approvals: Describes the process for approving deployments to ensure they meet our security standards.
Secure Runtime
Change Records: Discusses the importance of maintaining change records and how we manage them.
Deployment Controls: Outlines the controls we have in place for secure deployments.
Secrets Management: Details our approach to managing sensitive information such as passwords and API keys.
Service Ownership: Defines how we manage service ownership to ensure accountability.
Infrastructure and Configuration Management: Explains our practices for managing infrastructure and configurations securely.
Runtime Workload Monitoring: Describes how we monitor runtime workloads to detect and address security issues.
System Access Controls: Details the access controls we implement to manage and secure system access.
Explore Further
Explore our other sections to learn more about the security measures we implement in our runtime practices. These steps help us meet industry standards and keep our software development secure and reliable.
If you have any questions, feel free to reach out to the Flarekit team at [email protected].