Most enterprises journey to DevSecOps (or secure DevOps, or still using traditional DevOps for the context) beginning with Source Code Management (SCM), or source control or version control. Without that, where the Continuous Integration (CI) and Continuous Delivery (CD) take place for the seamless automation and CI/CD pipeline time to be saved.
In general to speak, for the typical productivity enterprise expect, we need a minimum users count who join the coming DevSecOps, or you do not do security automation and integration, then it DevOps to see the result. How many users will you expect? You are surprised to see most of the vendors are looking for 100 users or more as criteria. If you have much less size, you do not have the complex and time issue like those touching for 100 users and more, where the seamless automation and integration really save a lot of time for everyone involved.
The more users are involved, the more complexity is introduced, and the process, and more development team, or more application development executive, and director involved, and the requirements will become full scale DevSecOps (again, if do not do security testing, become DevOps). This is why when someone said to look for source code management (SCM) for their development team, it may be beneficial to look into DevSecOps (or DevOps without security testing), to have the full context in perspective. Else, will be needed to migrate when other more mature needs rise.
Source code management (SCM) i short is the domain typically use by developer and tester, or team lead, development manager and director, for the project management till source code management (SCM) and continue to CI/CD pipe automation, and most likely for security testing in the later stage (ie DevSecOps, or Secure DevOps).
But it is not for every kind of enterprise, it will benefit enterprises who develop their own software application, and we refer here to use agile SDLC for modern software applications, cloud, microservices etc that leverage docker containers etc. Adopting DevSecOps will not make you productive overnight, you need to have all the practice in place, including training how to use the product tool, and seamless integration and automation to get results. An eye on value stream management (VSM) change is going to be beneficial as well.
E-SPIN Group in the enterprise ICT solution supply, consultancy, project management, training and maintenance for corporation and government agencies did business across the region and via the channel. Feel free to contact E-SPIN for your project requirement and inquiry.
Other post you may be interest:
