Sitemap

Patterns

Recommended approaches to solving common issues

• Monitoring-as-code (MaC)
• Selecting a deployment strategy
• Immutable artefacts
• Make small changes
• Docs as code
• Securing application logging
• Catch defects early (shift quality left)
• Using generative AI
• Threat modelling
• Write effective documentation

Principles

To guide the behaviour and decisions of engineering teams

• Design for success
• Be collaborative
• Proportionate security
• Security is everyone's responsibility
• Work in the open
• Zero trust
• Well managed code
• Write maintainable, reusable and evolutionary code
• Provide a good engineering experience
• Monitor and measure proactively
• Design from evidence
• End to end product ownership

Standards

Explicitly stated expectations for engineering teams

• Open source licensing
• Infrastructure as code
• Writing a principle
• Writing a standard
• Managing secrets
• Accessibility
• Encrypting data at rest and in transit
• Managing the security of software dependencies
• Signing code commits
• Infrastructure utilisation monitoring
• Low code workflow naming
• Developer Testing
• Minimal documentation set for a product
• Service reliability