# Workshop 4 — The Grand Finale

Workshop 4 of 4 — The Grand Finale of the Agentic DevSecOps Series

| Workshop | Focus |
|---|---|
| WS1 — Trust Boundary & Platform Trust | WHERE does development happen? |
| WS2 — Secure by Design Guardrails | WHAT prevents bad code from landing? |
| WS3 — Supply Chain Integrity & Code-to-Cloud Visibility | HOW do we trust the delivery path? |
| WS4 — Operational Response & Continuous Improvement (YOU ARE HERE — FINALE) | WHAT happens when things go wrong? |
DevSecOps doesn't end at deployment. In this final workshop, you detect a runtime incident, measure your Mean Time To Resolution (MTTR) with AI-assisted remediation, and execute 5 concrete feedback actions that strengthen every layer built in Workshops 1–3, proving that DevSecOps is a closed-loop operating model.

Thesis: "DevSecOps doesn't end at deployment. Response feeds back into design, policy, and detection — closing the loop."

Key Insight: "DevSecOps is not a set of tools. It is a closed-loop operating model."
## NIST SSDF Alignment

This workshop maps to RV — Respond to Vulnerabilities in the NIST Secure Software Development Framework:

| NIST SSDF Group | Workshop | Focus |
|---|---|---|
| PO — Define Security Requirements | WS1 | Trust boundary, org policies, platform trust |
| PW — Produce Well-Secured Software | WS2 | Code scanning, secret scanning, guardrails |
| PS — Protect the Software Supply Chain | WS3 | OIDC, attestations, Defender visibility |
| RV — Respond to Vulnerabilities | WS4 | Runtime detection, MTTR, continuous improvement |
## Curriculum

| Step | Title | Duration |
|---|---|---|
| Setup | Environment Setup | ~10 min |
| 1 | Runtime Incident Detection | ~10 min |
| 2 | AI-Assisted Investigation & Remediation | ~15 min |
| 3 | Continuous Improvement Loop (Grand Finale) | ~12 min |
## Learning Objectives

By the end of this workshop, you will be able to:

- Detect a runtime incident using SRE Agent and correlate it with Defender for Cloud
- Measure Mean Time To Resolution (MTTR) with timestamps at each response phase (T0 Alert → T5 Resolved)
- Use Copilot coding agent to accelerate incident remediation while maintaining human approval at every gate
- Execute concrete continuous improvement actions: update rulesets, custom instructions, tests, and the threat model
- Verify that the improvement loop closes: the same incident class is caught earlier on its next occurrence
## Discussion Prompts

Use these questions for team reflection after completing the exercises:

- MTTR Reality Check: "We measured MTTR in this exercise. What's your team's current MTTR for production incidents? Where are the biggest time sinks: detection, investigation, approval, or deployment?"
- NIST Compliance: "NIST SSDF RV.3 requires root cause analysis. How would you ensure that incident learnings actually reach the developers who need them, not just the SRE team?"
- AI Autonomy Boundaries: "SRE Agent and Copilot both proposed actions that required human approval. In what scenarios would you be comfortable increasing AI autonomy? Where would you never do so?"
- Automation Risks: "If this feedback loop ran automatically (incident → Copilot PR → auto-merge → redeploy), what could go wrong? What safeguards would you need?"
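The MTTR measurement named in the learning objectives (timestamps from T0 Alert to T5 Resolved) and the "biggest time sinks" question in the first discussion prompt both come down to the same bookkeeping: record a timestamp at each phase, compute the interval between consecutive phases, and attribute each interval to detection, investigation, approval, or deployment. The script below is an added example, not part of the workshop material. The workshop names only T0 Alert and T5 Resolved; the intermediate phase labels (T1 Acknowledged through T4 Fix approved), the mapping of intervals onto the four buckets, and the sample timeline are all constructed here for illustration. It rejects records with unknown, duplicate, missing, or out-of-order phases rather than silently producing a wrong MTTR.

```python
from datetime import datetime

# Constructed response phases for one incident. Assumption: the workshop
# specifies only T0 Alert and T5 Resolved; T1 through T4 are our labels.
PHASES = ["T0 Alert", "T1 Acknowledged", "T2 Root cause identified",
          "T3 Fix proposed", "T4 Fix approved", "T5 Resolved"]

# The interval starting at each phase is attributed to one of the time-sink
# buckets from the discussion prompt. Assumption: alert-to-acknowledge is
# counted as "detection", since that is when a human first sees the signal.
BUCKETS = {
    "T0 Alert": "detection",
    "T1 Acknowledged": "investigation",
    "T2 Root cause identified": "investigation",
    "T3 Fix proposed": "approval",
    "T4 Fix approved": "deployment",
}

# Constructed sample timeline ("phase,ISO-8601 UTC timestamp"), not a real incident.
SAMPLE_TIMELINE = """\
T0 Alert,2024-05-01T10:00:00Z
T1 Acknowledged,2024-05-01T10:04:00Z
T2 Root cause identified,2024-05-01T10:31:00Z
T3 Fix proposed,2024-05-01T10:40:00Z
T4 Fix approved,2024-05-01T11:10:00Z
T5 Resolved,2024-05-01T11:18:00Z
"""


def parse_timeline(text):
    """Parse 'phase,timestamp' lines into {phase: datetime}.

    Unknown, duplicate, or missing phases raise ValueError so that an
    incomplete record is never scored as if it were a full response.
    """
    stamps = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        phase, _, ts = line.partition(",")
        if phase not in PHASES:
            raise ValueError(f"unknown phase: {phase!r}")
        if phase in stamps:
            raise ValueError(f"duplicate phase: {phase!r}")
        # fromisoformat() accepts '+00:00' but not a trailing 'Z' on older Pythons.
        stamps[phase] = datetime.fromisoformat(ts.strip().replace("Z", "+00:00"))
    missing = [p for p in PHASES if p not in stamps]
    if missing:
        raise ValueError(f"missing phases: {missing}")
    return stamps


def phase_durations(stamps):
    """Return ordered (phase, seconds until the next phase) pairs.

    A negative interval means a timestamp went backwards, which almost
    always indicates a mislabelled record, so it is rejected.
    """
    out = []
    for earlier, later in zip(PHASES, PHASES[1:]):
        delta = (stamps[later] - stamps[earlier]).total_seconds()
        if delta < 0:
            raise ValueError(f"{later} is timestamped before {earlier}")
        out.append((earlier, delta))
    return out


def mttr_seconds(stamps):
    """Time to resolution for one incident: T0 Alert to T5 Resolved, in seconds."""
    return (stamps["T5 Resolved"] - stamps["T0 Alert"]).total_seconds()


def time_sinks(stamps):
    """Aggregate phase intervals into the four buckets, largest first."""
    totals = {}
    for phase, secs in phase_durations(stamps):
        bucket = BUCKETS[phase]
        totals[bucket] = totals.get(bucket, 0.0) + secs
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    stamps = parse_timeline(SAMPLE_TIMELINE)
    print(f"MTTR: {mttr_seconds(stamps) / 60:.0f} min")
    for bucket, secs in time_sinks(stamps):
        print(f"{bucket:14s} {secs / 60:5.0f} min")
```

Averaging `mttr_seconds` over several incidents gives the team's actual MTTR; the `time_sinks` ranking is what tells you whether the next improvement action belongs in detection rules, runbooks, the approval gate, or the deployment pipeline.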
## Optional Extensions

| Extension | Description | Time |
|---|---|---|
| A. Incident Report Generation | Compile the MTTR timeline into a structured incident report for compliance | ~15 min |
| B. PagerDuty / Slack Integration | Configure SRE Agent alert routing to your team's incident management tools | ~10 min |
| C. Multi-Incident Comparison | Stage a second, different incident → measure MTTR → compare with the first | ~20 min |
| D. Automated Regression Suite | Build a full manifest validation pipeline with OPA/Gatekeeper policies | ~20 min |
## References

| Resource | Link |
|---|---|
| GitHub Copilot Coding Agent | docs.github.com |
| GitHub Custom Instructions | docs.github.com |
| GitHub Security Campaigns | docs.github.com |
| NIST SP 800-218 (SSDF) | csrc.nist.gov |
| NIST SP 800-218A (AI & SSDF) | csrc.nist.gov |
| Azure SRE Agent | learn.microsoft.com |
| Microsoft Defender for Cloud | learn.microsoft.com |
| Kubernetes Probes | kubernetes.io |
## Series Conclusion

"We started by defining WHERE development trust lives. We built guardrails to prevent bad code. We secured the pipeline and gained visibility. And now we've closed the loop — every incident makes the entire system stronger."

This is Agentic DevSecOps.

- WS1 Trust Boundary & Platform Trust
- WS2 Secure by Design Guardrails
- WS3 Supply Chain Integrity & Code-to-Cloud Visibility
- WS4 Operational Response & Continuous Improvement — COMPLETE