How OpsLevel can help you improve your security posture

Patsy Price | April 14, 2023

As a member of the SecOps team, you have access to the list of security vulnerabilities that were identified by tools that scan your codebase and container images. These vulnerabilities may have been on your list for some number of sprints and you may be wondering how you are going to get them included in the development backlog, and how you can ensure remediation. 

It can also be a struggle to assess the overall security state of your architecture. With thousands of scans and hundreds of services, how can you easily identify which services and teams are out of compliance and falling behind?

We encourage our customers to leverage the OpsLevel Service Maturity Rubric to set and enforce tolerable levels of security risk.

Setting up security-focused checks

OpsLevel Service Maturity rubrics are composed of checks: individual tests that inspect and evaluate the results of a security scan for each service. OpsLevel evaluates which services have a certain level of critical vulnerabilities, and those services fail the corresponding checks. Once a vulnerability is remediated, a subsequent scan produces a passing result. It’s a visible indicator of improvement in your security risk.

Rolling out security upgrades with campaigns

OpsLevel campaigns let us drive to completion important engineering initiatives like major upgrades of software versions. We use the endoflife API to monitor the end of support for different languages and tools in our tech stack. For example, we may see that the current version of our database engine is going to be unsupported in eight months and we need to upgrade. We can make an informed decision about what pre-work is needed and what sprints to schedule the upgrade in, then we can run a campaign to manage this work. 

Here is a sample bash script that retrieves information about different end-of-life dates per service.

It takes two arguments: the service alias and the OpsLevel Custom Event Check integration URL (replacing the end of the URL with the appropriate identifier). The script uses a webhook to send the payload to OpsLevel for evaluation. Here is an example of running this script.
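An added example of the flow described above (not the script the post refers to), written in Python rather than bash so the JSON handling needs only the standard library. The payload field names, the service alias, the product name and the sample cycle data are assumptions made for this example.

```python
import json
import urllib.request
from datetime import date

# Constructed sample in the shape endoflife.date returns for a product:
# a list of release cycles whose "eol" is a date string or a boolean.
SAMPLE_CYCLES = [
    {"cycle": "2.0", "eol": "2023-12-14"},   # support ends in the future
    {"cycle": "1.0", "eol": "2023-04-04"},   # already past end of life
    {"cycle": "3.0", "eol": False},          # no end-of-life date announced
]

def fetch_cycles(product):
    """Download the release cycles for one product from endoflife.date."""
    url = f"https://endoflife.date/api/{product}.json"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def eol_payload(service_alias, product, cycle, cycles, today):
    """Build the webhook body; the field names are this example's own choice."""
    entry = next((c for c in cycles if str(c["cycle"]) == str(cycle)), None)
    if entry is None:
        raise ValueError(f"no cycle {cycle!r} listed for {product}")
    eol = entry.get("eol")
    if isinstance(eol, str):
        days_left = (date.fromisoformat(eol) - today).days
        supported = days_left >= 0
    else:  # boolean form: True means already end of life, False means not
        days_left, supported = None, eol is not True
    return {"service": service_alias, "product": product, "cycle": str(cycle),
            "eol": eol, "days_until_eol": days_left, "supported": supported}

def send(webhook_url, payload):
    """POST the payload to the check's integration URL."""
    # Assumption: the identifier in the URL is what routes and authorizes the
    # event, so require TLS and keep the URL out of logs and error messages.
    if not webhook_url.startswith("https://"):
        raise ValueError("integration URL must use https")
    req = urllib.request.Request(
        webhook_url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    # Offline demonstration against the constructed sample data.
    print(json.dumps(eol_payload("shopping-cart", "exampledb", "2.0",
                                 SAMPLE_CYCLES, date(2023, 4, 14)), indent=2))
```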

The Campaign check in OpsLevel will have the following success criteria. These criteria would be for tracking a MySQL version upgrade.

Campaigns have future scheduling, so the engineering teams will know when to complete the work. Campaigns track which services have been upgraded to the updated version of the database engine and which are falling behind schedule, and tiers help us identify how critical that might be to the business.

This combination of OpsLevel campaigns to drive upgrades and service maturity checks to track tolerable security risks works well in managing the security of our stack and that of our customers. 

Managing vulnerability in software development

Ideally, security best practices are baked in from the start, as software is being developed—and not retroactively applied. At OpsLevel, we focus on developing and maintaining a strong understanding of the tradeoffs between product development speed and security processes and procedures that we put into place.  

Managing security risk with service maturity checks gives us insight into our current security posture and allows us to take action when and where it matters most. For example, is it worth putting a blocker in the Continuous Integration (CI) pipeline of a tier 3 alpha lifecycle service? You might slow down innovation and development speed when you need to move fast because you are prototyping a completely new feature. You should be very cognizant of the implications and not just put a bunch of toil on developers to make things more secure. Is the juice worth the squeeze? 

With an understanding of these trade-offs, you can make incremental progress toward the security ideal without hampering developer effectiveness. 

Ready to see how campaigns and service maturity checks can level up SecOps throughout your org? Book a demo with our team and see OpsLevel’s security features in action. 
