Resources Blog 40 DevSecOps Reference Architectures To Learn From

40 DevSecOps Reference Architectures To Learn From

Scaling DevSecOps is no easy feat... there are so many different ways to automate security across the SDLC, that it can get to be overwhelming for those not knowing where exactly to begin.

That's why we started the DevSecOps Reference Architecture collection in 2016. Every year, we release a community-curated deck of architectures to help provide insight into what tools and integrations other organizations are deploying. For those just starting out in their DevSecOps journey, this enables them to see how their own choices compare to those who have already seen success (or maybe even failure) in shifting left.

Last week, we released this year's compilation, which includes 40 architectures from companies like Intuit, GSA, Amazon Web Services, and Accenture. We invite you to download the deck and see for yourself - how does your organization stack up?

To learn more about the DevSecOps Reference Architectures we've compiled, I sat down with our very own Derek Weeks - who shared a bit more :



Have your own reference architecture you'd like to submit? Email it to or DM it to us. 

Picture of Janie Gelfond

Written by Janie Gelfond

Janie serves as the Community Marketing Manager at Sonatype. After starting with the company as an intern, she has worked her way up and is now a core part of the team.