Kovair DevOps – Major Value Propositions
1. Provides Low Code/No Code Drag-and-Drop configurable task-based CI/CD Pipeline
2. Supports combination of both manual and automated activities in a pipeline wherever necessary for process adherence
3. Monitor and manage multiple pipelines across multiple projects with complete visibility to Value Stream
4. Supports edge computing with deployments over public/private/hybrid cloud, Kubernetes clusters or any on premise and VM environment
5. The platform is certified by Red Hat Enterprise Linux and OpenShift container platform. Available on both Azure and Amazon cloud marketplace.
6. Smooth integration with ESB like Omnibus that supports 110+ integration beyond the boundary of CI/CD
7. Application-centric security services to predict, detect, mitigate and respond to threats – a separate Kovair service
Learn more - https://www.kovair.com/devops/
2. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
2
Kovair DevOps – Major Value Propositions
Monitor and manage multiple pipelines across multiple projects with complete visibility to Value Stream
Supports edge computing with deployments over public/private/hybrid cloud, Kubernetes clusters or any
on premise and VM environment
Provides Low Code/No Code Drag-and-Drop configurable task-based CI/CD Pipeline
Supports combination of both manual and automated activities in a pipeline wherever necessary for
process adherence
The platform is certified by Red Hat Enterprise Linux and OpenShift container platform. Available on both
Azure and Amazon cloud marketplace.
Smooth integration with ESB like Omnibus that supports 110+ integration beyond the boundary of CI/CD
Application centric security services to predict, detect, mitigate and respond to threats – a separate
Kovair service
3. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
3
Command
line Plugin
SecOps Service Layer
+ Custom
Security
plugin
4. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Design and Delivery Approach to Service in 1st Phase
Secure Design and
Architecture
Secure Coding
Continuous Build,
Integration and Testing
Continuous Delivery and
Deployment
Runtime Defense and
Monitoring
Stage
Triggers
Security
Activities
SAST
SCA
Secure code
review
SAST
SCA
Container and
Image Scan
Systems, Containers
and Network
Vulnerability
Monitoring
RASP
Application Testing
and Fuzzing
Penetration
Testing
Systems,
Containers and
Network
Vulnerability
Scan
Artifacts and
Image
Repository
Scan
Integrated
SAST via IDE
Plugins
SAST of
Source Code
Repo
DAST
Fuzzing
IAST
Image Scan
Sign
Continuous
Instantiate
Infrastructure
Continuous
Publish to
Artifact and
Image
Repository
Stage
and Test
Package
Build and
Integrate
Developer
Code
Continuous
Pull, Clone
or Commit
Application
or Feature
Design
Threat
modeling
Baseline and
Assess
Security
Controls
Kovair Service Offered
SecDevOps Platform and Services
5. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
5
Kovair DevOps – Features
Multiple release support within a project with release-based pipeline management
Release calendar for tracking releases with release overtime indicator
Support for multiple OS (Windows & Linux) and databases (MariaDB, MySQL, SQL Server, Oracle)
Task based easy to configure pipelines with both sequential & parallel tasks
Support for cloud-based installation, docker image, and downloadable installer
Group based access to project, pipeline, and dashboard
Intuitive and simple UI with minimum clicks with agent-based execution for scalability.
6. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Control Execution of Pipeline through Email
Manage
pipeline
execution
from e-mail
Start a
pipeline
List active
pipelines
owned by
user
Stop a
running
pipeline
Check
status of a
Current
pipeline
Check last
run status
of pipeline
Check
application
server
health
7. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Container Support
• Build Docker images from a
Dockerfile
• Push an image to the repository
• Pull an image from the repository
• Run a docker image
• Execute Docker Command
• Deploy File
• Delete File
• Create Namespace
• Create Job
• Delete Job
• Create Deployment
• Execute Generic Command
• Create Project
• Create New Application
• Create Route
• Create Deployment
• Create Service
• Create Config Map
• Create Job
• Execute Generic Command
8. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Manage Infrastructure through Plugins
• Initialize a working directory
containing Terraform configuration
files
• Create an execution plan
• Apply a plan
• Destroy all created resources
• Create a job against a job
template and launch the newly
created job
• Relaunch an existing job against
a job template and launch the
newly created job
• Create a chart directory along
with the common files and
directories
• Install a new helm package
• Upgrade a release to a new
version
• Uninstall a release
• Execute Command in the Helm
CLI
9. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Security Testing
• Create an application if it doesn’t
exist.
• Create a build
• Upload the WAR file into the scan
• Perform pre-scan
• Perform static scan
• Fetch report data
• Create an application if it doesn’t
exist.
• Create dynamic analysis
• Fetch report data
• Get Applications
• Create and Execute Scan
• Get Scan Status
• Get Scan Report
• Delete Scan
Static Application Security Test
(SAST)
Dynamic Application Security Test
(DAST)
Dynamic Application Security Test
(DAST)
10. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Kovair DevOps Platform – Reports
11. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
11
Why Kovair DevsecOps is the need of hour?
Note: Contact Kovair for more details, sales@kovair.com
CxO’s including CISOs / CIOs / CTOs and the Board of Directors
need solutions for Cybersecurity Governance with Real-Time
Dashboards!
Teams need Collaboration solutions which enforce and monitor
compliance to policies! And Enable Compliance to US and ISO
Standards. Examples: ISO 27005 and FedRAMP.
Evidence-based advice and education on the critical issues in
digital transformation and cybersecurity risk oversight.
Enabling Certification of digital and cybersecurity governance to
shape and secure the digital future for everyone.
Source: UCLA Anderson School of Management,
DDN: Digital Director’s Network on Cybersecurity
Governance
12. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Kovair DevSecOps - Security As A Service
Application
Development
Lifecycle Security
Application
Systems and
Infrastructure
Hardening
Application
Production Hosting
Security
Application &
Digital Risk
Monitoring
360°
Protection
13. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Kovair DevSecOps - Security As A Service – Use case 1
Service helps to assess what type of
application data is out there and
identifies attacks, breached material,
credentials, intellectual property,
social media, monitoring, and brand
infringement by harvesting data
available on the visible, dark & deep
web.
Extended Detection and Response
Management (XDRM) Services monitor the
entire web to detect application-
related risks, alert, investigate and
even take down the offending content.
Application &
Digital Risk
Monitoring
Predict your organization’s
application risk
14. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Kovair DevSecOps - Security As A Service - Use case 2
Services will include Internal
Vulnerability assessment & Penetration
testing, External Vulnerability
assessment & Penetration testing.
On-Prem or Cloud Security Architecture
Review and Data Flow analysis on the
application production environment and
provide recommendation.
Data Centric Security Posture
Management assessment and remediation
support.
Application
Development
Lifecycle Security
Detect your organization’s application risk in
development
15. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Kovair DevSecOps - Security As A Service - Use case 3
Services will include source code
review on first party and 3rd party.
API Security assessments. External
security assessment on application
including Blackbox testing. Provide
recommendation and remediation support.
Support in creating security policies,
guide developers and operators to
understand security requirements and
best practices to deliver secure codes
and serve as advisors.
Bridge resource gaps with our team of
security experts by extended
application security resourcing support
and training.
Application
Production hosting
Security
Mitigate your organization’s application risk in
production
16. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Kovair DevSecOps - Security As A Service - Use case 4
Services will include attack surface
analysis & threat modelling to chalk
out the mitigation strategy in short
term, mid term or long-term Example of
such mitigation includes hardening of
application stack through different
means on the hosting infra.
Hardening of web application firewall,
hosting servers, traffic between
distributed layers.
Identity assessment management and
anti-DDOS
Any other tailor-made solution
Application
Systems and
Infrastructure
Hardening
Sustain your organization’s application risk by best practices
hardening
17. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Competitive Analysis
Features Kovair DevOps Jenkins GitLab Circle CI
Supported Platforms
Windows, Linux, Docker
Image
Windows, MacOS Vibrant,
Linux, Docker Image
Linux, macOS, Windows Linux, macOS
License Commercial
Basic Version - Open-
Source
Advanced - Commercial
Basic Version - Open-Source
Advanced - Commercial
Free for open-source projects and
Free plan for CircleCI Cloud –
upto 1000 build minutes/month,
1 container, and 1 concurrent job
Hosting On-premise and Cloud On-premise On-premise and Cloud On-premise and Cloud
Prerequisites JRE, Tomcat JRE
Node.js, Git, Ruby, Go,
Redis
Teraform, Kubectl, Helm,
HelmDiff, VeleroCLI, AWS and so
many
No Code/ Low Code Support Yes Yes No No
Pipeline Configuration UI & YAML UI & Groovy Script YAML YAML
Manage & Execute Pipeline
through E-Mail
Yes No No No
Custom Commandline Plugin Yes No No No
Triggering a pipeline from
another pipeline
Easily configurable Easily configurable Yes, but with YAML Yes, but with YAML
Release Calender Yes No No No
Support/SLA Yes
No official support
available
or SLAs for Free Edition
No official support
available
or SLAs for Free Edition
Yes
Cloud Marketplace Yes No Yes Yes
Application & Digital Risk
Monitoring
Yes No No No
Application Production
hosting Security
Yes No No No
Application Development
Lifecycle Security
Yes No No No
Application Systems and
Infrastructure Hardening
Yes No No No
18. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
18
Sample Kovair Customers
BFSI
Healthcare
Industrial
Telecom
Semiconductor /
Hardware
Gov’t and
Defense
19. Kovair Proprietary information. Not for disclosure or sharing with any other third party without Kovair’s prior written permission
Thank you!
For more information
Email: info@kovair.com, sales@kovair.com
Web: www.kovair.com
Follow us