SHIP-HATS contains a tool suite to cater to each stage of the CI/CD pipeline. Learn more here.
The SHIP-HATS Compliance Framework enables developers to automate DevSecOps practices based on industry pipeline security as well as the ICT&SS Management standards. Learn more here.
SHIP-HATS templates are reusable pipeline configuration files that developers can use instead of building from scratch. These templates enable developers to build CI/CD pipelines efficiently by providing building blocks to include in their pipelines. This is based on the “write once, use anywhere” concept and encourages InnerSourcing. Learn more here.
Pipeline COE is a GitLab innersource project that aims to build and store sample images & pipelines that all users on SHIP-HATS GitLab dedicated can use. This feature is based on the GitLab DevSecOps Governance Framework (DGF) and helps the development teams get started quickly using the available resources. Learn more here.
SHIP-HATS leverages GitLab dashboards within the GitLab Ultimate Tier to showcase key metrics for GitLab native tools (e.g., DevOps Adoption, DORA Metrics, Security dashboard, and Value Stream Analytics). Learn more here DevSecOps Maturity Report. The DevSecOps maturity report lets users review compliance with ICT&SS Management and DevSecOps policies. It also provides insights on alignment with best practices such as the Cloud Native Computing Foundation (CNCF), Supply Chain Levels for Software Artifacts (SLSA), and Open Web Application Security Project (OWASP). Learn more here.
Supply-chain Levels for Software Artifacts (SLSA)
SLSA is an add-on component to SHIP-HATS that protects against supply chain attacks. Learn more here.
The Innersource Group in SHIP-HATS provides government officers with a community for learning, sharing of knowledge, and discussion. It is open for all public officers to contribute, view and adopt common code. Learn more here.
Last updated 31 October 2023
Thanks for letting us know that this page is useful for you!
If you've got a moment, please tell us what we did right so that we can do more of it.
Thanks for letting us know that this page still needs work to be done.
If you've got a moment, please tell us how we can make this page better.