The Collaborative DevSecOps Automation Factory for Everyone

Dev, Sec, and Ops teams can innovate collaboratively, building modern security-first automation

Sophos Factory allows your teams to automate anything. It operates as a DevSecOps factory where your entire IT stack becomes software, also known as IT as code. As in a factory, pipelines serve as building blocks for repeatable solutions that work much like an IT assembly line. These solutions run as easy-to-consume automation that tech teams can support under a collaborative responsibility model, iterating quickly to meet business needs while minimizing security risk.

Sophos is bringing automated solution delivery to Air Force use cases in compliance, container security, and realizing security in DevSecOps.

Sophos is working with Platform One to help reduce tool and content sprawl while also enabling all warfighters to take part in the DevSecOps process.

Vendors are automatically re-certifying with CIS-CAT against the newest CIS benchmarks.
 

What is DevSecOps?

DevSecOps stands for development, security, and operations. It’s a holistic, agile approach to culture, automation, and platform design that integrates security as a collaborative responsibility throughout the entire IT as code lifecycle.

Rooted in DevOps and agile software development methods, Sophos Factory combines tools, teams, and practices to standardize, secure, and reuse IT as code pipelines. It enables you to build modern solutions through collaborative automation, empowering Dev, Sec, and Ops teams to build upon accumulated knowledge efficiently.

Use Cases

SOAR and Incident Response

Effective incident response requires rapid action. With out-of-the-box prebuilt pipelines enabling many actions and integrations, Sophos Factory allows you to rapidly build pipelines to respond to security events by effortlessly tying together disparate technology and saving that pipeline for later use. See a new security event? Swiftly adjust the pipeline on the fly to speed up response time and ensure future events are effectively mitigated.

Compliance

Compliance is a journey. It’s ever-changing, and not a single point in time. Sophos Factory allows you to include any number of compliance steps as part of a deployment pipeline. Run and re-run the same compliance steps across the application, infrastructure, or network lifecycle. Continuously monitor old and new code for vulnerabilities and simplify your complex regulatory environment.

Cloud Security

Securely automate cloud security no matter where it resides with native integration and management of AWS, Microsoft Azure, and Google Cloud Platform. Easily limit access to security-related configuration settings while enabling teams to access environments to deploy new and manage existing cloud services. Sophos Factory also helps teams optimize cloud deployment processes, saving time and money while increasing security.

App Security

The rapid adoption of the cloud makes securing applications problematic. With Sophos Factory’s automation pipelines, you can quickly introduce static and dynamic security scanning and testing at any step of the app delivery process. Add security to your existing DevOps workflows by leveraging integrations with GitLab, GitHub, Bitbucket, and other git providers.

Network Automation

Network, firewall, and load balancer configurations are critical for every application. With Sophos Factory, network deployment and configuration are just another pipeline step. Automatically create backups, clone configurations, or make needed changes to support your physical and virtual network infrastructure.

Infrastructure Automation

You have a best practices diagram built out – but what’s the best way to deliver it? Sophos Factory makes it easy to build best practices and secure infrastructure flexible enough to use and re-use across all your environments. It also provides a safe, well-understood foundation for new hybrid infrastructure deployments and capabilities.

    Ecosystem

    Sophos Factory works with industry-leading partners to make automation accessible across your environment through pre-built DevSecOps pipelines published to solutions catalogs. 

    Sophos, AWS, Azure, Google Cloud, HashiCorp, MITRE, CIS, Veracode, Snyk, Aqua, CyberArk

    Jobs

    Trigger your pipelines via jobs, which control the data flow into a pipeline and let a user kick it off manually or set it up to run on a schedule. For more sophisticated jobs, we enable interoperability with other systems through incoming webhooks, a CLI tool, a JavaScript API client, or a GitHub Action, or you can develop directly against the Sophos Factory API.

    Incoming webhooks support interoperability with other systems, and we include the following presets with many more coming:

    GitHub, GitLab, Bitbucket, Terraform

    Modules

    Kickstart your DevSecOps journey by browsing pre-built automation content directly from the Sophos Factory solution catalogs or customize each pipeline with an extensive and growing list of step modules.

    Utilities (Built-in): Pause, Debug Message, Set Variables, Write File, HTTP Request, Conditional Gate, Assert, Credential

    Secrets Management: Vault (HashiCorp)

    Source Control: Git Clone (Git)

    Cloud Infrastructure: Resource Group, ARM Template, Azure CLI (Microsoft Azure); GCP Template (Google Cloud); AWS CloudFormation, AWS CLI (Amazon Web Services); Terraform (HashiCorp)

    Config Management: Ansible Playbook (Red Hat)

    Compliance Assessment: OpenSCAP Scanner (OpenSCAP); CIS-CAT Assessor (CIS-CAT)

    Container Tools: Docker Build & Push (Docker)

    Scripts: Shell Script (Local); Python Script (Python); Node.js Script (Node.js); PowerShell Script (Microsoft); Go Executor (Google)

    Kubernetes: kubectl (Kubernetes); Helm Chart, Helm CLI (Helm)

    Vulnerability Scanners: Checkov (BridgeCrew); Terrascan (Accurics); SonarScanner (SonarSource)

    Container Security: Trivy (Aqua Security)

    Tool Installers (Tool Installer): Install Node.js, Install Java, Install Go, Install Python

    Community Edition

    Sophos Factory’s community edition allows two users to take advantage of one runner and three projects at no cost. Community edition users are additionally entitled to two-week run retention of data, limited SLA, and email support. Features include:

    Command line interface

    The DevOps-friendly CLI running alongside the graphical pipeline builder allows DevOps and cybersecurity teams to collaborate on the same platform together, using tools they are already familiar with.

    Virtual machine runners

    The platform now provides cloud-hosted virtual machine runners, which can run arbitrary Docker containers in pipeline steps. This addition allows more users to bring their existing solutions into the platform with minimal friction.

    Tool installers

    New “tool installer” step modules automatically install automation tools onto the pipeline runner behind the scenes. This feature eliminates custom setup steps to install or upgrade/downgrade tool installations before running pipelines. Supported tools include Python, Node.js, PowerShell, Ansible, Terraform, Vault, CIS-CAT Assessor, Azure/AWS CLIs, kubectl, Helm, and more.

    Credential integrations

    Users can now more easily integrate with external secrets management systems by “importing” secrets into Sophos Factory’s streamlined credential system at runtime. This feature enables deeper integration with popular key stores, such as HashiCorp Vault. It also makes for highly secure pipeline execution, because secrets exist only within Sophos Factory’s isolated ephemeral runners, on an as-needed basis.