CONTROLLED DATA
Leidos Proprietary - US Citizens ONLY
The information contained herein is proprietary to Leidos, Inc. It may not be used, reproduced, disclosed, or exported without the written approval of Leidos.

General Information

What is Secure DevOps?

Leidos' Secure DevOps (SDO) provides tools and processes to enable development teams to come up to speed quickly in a collaborative environment that includes a Wiki, Code Repository, Ticketing system, Persistent Chat, and CI/CD pipelines out of the box.  With the addition of security tools, development teams are able to meet secure coding and secure software build requirements in a traditional or an Agile Software Development Lifecycle (SDLC).  

In the SDO model, every team member is accountable for security.  SDO pipelines include automated security audits and testing through the entire software lifecycle, resulting in improved software quality, and increased speed of security decisions and actions during development and operations.  SDO introduces security earlier in the life cycle of application development, thus minimizing vulnerabilities and bringing security closer to our customer’s mission objectives.  The Leidos CI/CD pipelines automate core security tasks by embedding security audits, testing and processes early in the DevOps workflow (rather than being bolted on at the end).  Our approach to SDO results in rapid availability, reliability, code quality and security while new software capabilities are continuously released into customer test and production environments. 

As a set of processes, SDO fits into any SDLC and is compliant with Leidos Engineering Edge® NextGen and SAFe™ processes and frameworks.  We understand that not all projects require the same tools and technologies to deliver the optimal pipeline solution for each customer.  We tailor the Leidos SDO Toolchain to provide each customer project with a best value approach based on their unique requirements. For more on "What is SDO" check out Secure DevOps Concept of Operations and Tools.

Additional details: 

How does Secure DevOps satisfy our DFARS requirements for protection of controlled data (e.g., CDI, CUI, PII, FOUO, SBI)?

National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171 outlines cybersecurity-related requirements for government contractors.  We have implemented security controls to achieve compliance with all 110 NIST 800-171 requirements needed for a moderate impact system.

The Defense Federal Acquisition Regulation Supplement (DFARS), which requires NIST compliance, took effect for contracts originating after December 31, 2017. These requirements protect the confidentiality of Controlled Unclassified Information (CUI) in non-federal systems and organizations.

The various types of Controlled data:

  • PII Data
    • Background Checks
    • Driver’s License Data
    • Employment / HR Information
    • Genetic / Biometric Information (including DNA)
    • Government Issued ID Numbers (state, federal, military, student, etc.)
    •  Individual Identifying Information (age, gender, sexual orientation, religious affiliation, marital status, number of children, race, ethnicity, national origin, political party, income range, purchase history, buying patterns, etc)
    • Information collected through websites under a terms of use or privacy policy
    • International data flows of PII (work contract information, name, telephone or fax number, license plate numbers, Vehicle ID numbers, email address, other online contact information such as screen names, web URLs)
    • Passport Numbers
    • Persistent identifier (customer data held in a "cookie" or processor serial number)
    • Personal Information (home address, phone)
    • Pictures/Video of Individuals
    • Social Security Numbers
    • Other information collected under a contract with a privacy clause
    • Other information subject to the Privacy Act of 1974 (See Privacy Act of 1974)
  • Export Control
    • Technical data as defined by the International Traffic in Arms Regulations (ITAR) or Export of Arms Regulations (EAR). This is technical information that is required for the design, development, production, assembly, operation, repair, testing, maintenance, or modification of defense articles.
  • PCI
    • Bank Account Numbers
    • Credit / Debit Card Numbers
    • Credit Reports
    • Other Financial Information (PIN, passwords or access codes, financial account data, bank records, tax return information, wire transfers, consumer information)
  • HIPAA
    • De-Identified PHI
    • Disability Information
    • Health insurance information
    • Health records
    • Information collected under a Business Associate Agreement
    • Medical History
    • Protected Health Information (PHI) (e.g. medical record, laboratory report, hospital bill, etc.)
    • Treatment/Diagnosis (with respect to an individual)
  • Government Sensitive (CDI/CUI)
    • Data that is considered Covered Defense Information (CDI) See Covered Defense Information (CDI)
    • Controlled Unclassified Information (CUI), For Official Use Only (FOUO), or Sensitive but Unclassified (SBU)

Can I host Secure DevOps in my own environment and still utilize the Enterprise License Agreements (ELAs)?

The short answer is yes!  You can use the Atlassian Service Desk to request Atlassian licenses. 

Has the Secure DevOps solution been implemented or is it in the planning stages?

SDO is live, has many active projects supporting 100’s of users and is hosted in ECM.  The number of SDO users continues to grow each month. 

We have implemented the 110 NIST 800-171 controls required of a moderate impact system and have been granted an Authority to Operate.  As part of this activity, we have developed our Supplemental Security Plan (SSP) that can be seen here.  The SDO Service Desk  (implemented using JIRA Service Desk is operational) for projects to request a new cloud-hosted project; add or remove staff from existing projects; report problems; identify reusable components and code for submission into the Leidos Enterprise Code Repository (ECR); add or remove tools from their project toolchain; request consultation; request customization to workflows, permissions, roles and scanning presets; request consultation support; or just ask a question of SDO Engineering. 

What is the cost to the Line of Business (LOB) to have their instances hosted in the Secure DevOps solution?

We don’t host separate SDO instances.  We on-board projects into our enterprise instances that are stood up using Data Center versions of all the tools and are configured and installed to be highly available (i.e., clustered architectures) across multiple AWS Availability Zones.

There is no service center cost today for projects to use our SDO capability.  However, we have been tasked by Senior Leadership to develop the chargeback model for standing up a service center in FY24.

How are the current Corporate Enterprise License Agreements (ELAs) for the Atlassian tools affected by the Secure DevOps solution?

Existing corporate ELAs are not affected.  The Atlassian Data Center products used to install the enterprise solution are licenses that fall under the ELA.  Other licenses that have been granted under the ELA are not impacted.  

However, if and when there is a cost to using the cloud hosted tools, projects should carefully evaluate the cost of administering their own local solutions versus the cost of using an enterprise solution that is administered for them and is built for high availability, backups, administered, patched, NIST compliant, etc.

How much does it cost to host my project in Secure DevOps?

Contact Goodwin, Rick G. [US-US].

How do I create a new project in Secure DevOps? 

You can view the How To article to understand the process to create a new project in SDO.  Aa new project request on the SDO Service Desk must be submitted to initiate the project.

What is the difference between Enterprise-Hosted and Self-Hosted projects?

Enterprise-hosted means that the project is hosted in the SDO environment within the Leidos Enterprise Cloud Management.  Self-hosted is based on the Leidos Portable SDO solution, where the project uses our Infrastructure as Code and User Guides to deploy containerized versions of DevSecOps applications and tools for installation on Azure, AWS or VMware virtual machines. The Portable SecDevOps team, contact Goodwin, Rick G. [US-US], can provide support to deployment and configuration of pSDO for self-hosted projects.  You can find more information regarding pSDO here.

Would Secure DevOps Atlassian offerings have all the capabilities of our local instance?

The SDO Enterprise offers the entire Atlassian suite.  Our Jira, Confluence, Bitbucket, Bamboo, Fisheye and Crucible are all hosted and accessible. Our Atlassian applications are also integrated with the tool chain offerings described in the SDO Tools and Technologies (Artifactory, Ansible Tower, CxSAST, Cucumber, Gradle, Selenium, SonarQube, Xray, etc.).

How do I migrate my project from my current hosted environment into Secure DevOps?

In order to migrate your existing project into the SDO environment, you must submit a "migrate project request" on the SDO Service Desk .  Be sure to add as much detail and the requirements for the SDO as possible.  SDO Engineering reviews your request and schedules an engineering meeting to discuss the details and potential migration schedule. Migration requests can be complex and must be thoroughly planned to protect the integrity of the project, its data, and the SDO environment serving other projects.

How do I find my Project Key?

Your project key is defined in the Add New Project when the project is created.  It is generally the acronym for your project.  If you are a project administrator, go to any page in your project space.  In the left navigation panel, click on the Space Options  and select Overview.  The Key is displayed on that page. If you have a project in Jira, your project key is the prefix for your issues (Epics, Stories, Tasks).

Knowledge Base (KB)

Did you know SDO has a knowledge base?  Did you know SDO users can contribute to the SDO knowledge base?  The following articles describe how the SDO community can contribute to the SDO Knowledge Base through page restrictions and labels.

How do I share my project's "How To" articles in the KB?

If you have pages or articles you wish to add to the KB, you must create a blank page to receive the link to your project space's shared page.  Refer to this knowledge base article for more details.

Users

Does the Secure DevOps solution require all users (internal and external) to have Leidos accounts?

Yes.  We would like to hear from projects that have requirements for external users.  Since our current SDO solution is hosted in AWS GovCloud (via Leidos Enterprise Cloud Management (ECM)), all users must be US Citizens working on US soil, must obtain a Leidos account, and have obtained a Leidos One Time Password (OTP) token.  Any Non-Leidos (customers or subcontractors) must have a Leidos Sponsored account with an OTP to be able to access SDO services.

How do I add new users to my project?

You can submit a new project request on the SDO Service Desk .  Select the Add/Remove User(s) request from the portal.  To add users, add the list of users in the Users text box, separated by commas.  To add administrators, add the list of administrators to the Administrators text box, separated by commas.

How do I remove users from my project?

You can submit an Add/Remove User(s) request on the SDO Service Desk .

How do I change a user's group on my project?

You can submit an Add/Remove User(s) request on the SDO Service Desk . Enter the user's name in the appropriate text box on the form.  In the description, provide details such as, "Change role for Sam Smith from Administrator to User."

How do I change a user to Read-Only on my project?

If the user is already a member of the project and you want to override their access, the Project Administrator can make these changes in Jira and Confluence.  Refer to this article for more detailed information.

How to change the project lead in my Jira project?

Anyone in the project's administrator group can change the Project Lead.  Refer to this knowledge base article for details.

My project is ending.  How do I delete my project from Secure DevOps?

You can submit a remove project request on the SDO Service Desk .

How can I see the users in my project?

Go to your project's Team Members page.  You will see the roles and users for your project.

What is a Service Account and why do I need one?

Service accounts are required for the Continuous Integration/Continuous Deployment offerings in SDO.  If your project does not use Artifactory, the Bamboo Pipeline, or CxSAST, you do not need a service account.  If your project has provisioned Artifactory, Bamboo Pipeline, or CxSAST, a service account was created for your project. The project service account performs privileged actions on behalf of any project user who initiates pulling Docker images from Artifactory, executing the Bamboo Pipeline, or executing CxSAST scanning.

The service account name is generated using the naming convention.  SRVC-<project acronym>. For example, the SecDevOps reference project ODOS, has a service account, SRVC-ODOS, to execute the Bamboo Pipeline.

Refer to Service Accounts for more detailed information.

How to add participants (cc) to a Service Desk request?

If you create a service desk request and you would like to add users you can use the shared option after the item has been created.  Refer to this knowledge base article for details.

Enterprise Code Repository (ECR)

What is ECR and where does it reside?

ECR is a repository for sharing reusable code (raw code, snippets, shared project workflows, code documentation, etc.) or project artifacts (resources, binaries, etc.). The main tools provided are Bitbucket and Artifactory.  All code/resources submitted to ECR are subject to a review for share-ability by the project based on contract and export constraints. One a particular project has been deemed sharable, future submissions are automatically grandfathered under the initial approval.  Use the following table determine which tool is appropriate for the associated content types.

Tool/ApplicationContent Type
BitbucketCode
Documentation for submitting code and resources
Artifactory (optional)Binaries
Resources

Why would I want to use ECR?

ECR enables reuse of source code, artifacts, and project resources across the Leidos software community. It provides a GitHub-like community around shared Leidos resources. Sharing organizations can share once or often as they own the code and the rhythm for sharing new releases of software. Leidos U.S. developers have access to the shared resources, allowing them to search, clone, discover, and, while using SecDevOps processes and CI/CD pipelines, automate the download, build, test, and integration of the shared software managed in ECR.  Refer to the ECR Sharing Code and Artifacts User Guide for more information.

What is the process for submitting code to ECR?

The code owner opens a request in the SDO Service Desk to Submit Reusable Code.  Once the request is received, a project will be created and the requestor can submit the items for reuse.  Refer to this knowledge base article for details and the workflow.

What are the ECR Use Cases?

The preliminary use cases for ECR are

  • Push and Forget
  • Push and Sync
  • Push and Pull
  • Fork or Clone

Refer to the ECR Branching and Merging Guide or the quick summary of ECR Use Case articles

What documentation is required for submitting code to ECR?

In order for the Leidos Developer community to easily search ECR for reusable code, we require the following minimal documentation

  • Index.rst - contains links to the Governance.rst file and any README.md or other documentation provided with the code.
  • Governance.rst - contains the approval to share details including contract restrictions or ITAR details
  • Governance.xslx - the source file for generating the Governance.rst file

For ECR Documentation details, visit this article, Documentation Requirements for ECR

For a details on the final searchable ECR documentation hosted in the Enterprise Document Repository, visit this article, Enterprise Document Repository (EDR) Primer

Applications and Tools

How do I add tools to my project?

SDO Tools and associated Responsibilities are identified.  You can submit an Add/Remove Tool(s) request on theSDO Service Desk.

What do the default workflows look like?

Projects that request Jira will have a project provisioned with default workflows.  For projects with customer constraints, we have the ability to customize Jira to meet your needs. Visit this knowledge base article for a visual representation of the default workflows. For customizing your project, 

Why does my new Confluence Space have so many pages?

The template for new project spaces was based on input from several projects and industry standards. Once you have your project space, you can modify it to suit your project's needs.  However there are a couple of items that SDO leadership needs you to maintain.  See this knowledge base article for additional information.

Does Secure DevOps support Atlassian Marketplace plug-ins?

Plugins have been licensed, installed, and configured in the SDO Atlassian application offerings.  Because plug-ins are licensed at the application level, we do not allow projects to install plug-ins at will.  There is a process for recommending a plug-in be added to the SecDevOps Atlassian offerings.  Visit this knowledge base article for additional information.

Are there any functionality differences for adding Marketplace add-ons and custom configurations? 

There are no functional differences. SDO is current with the latest enterprise release of each of the products.  Jira, Confluence, and Bitbucket are Data Center versions, thus all Marketplace add-ons are Atlassian approved Data Center compliant. The SDO process for requesting add-ons not already installed is to submit a request through the SDO Service Desk and it will be reviewed by the SDO Governance board.  If approved, the add-on will be purchased and installed.  Bear in mind, all recommended Marketplace add-ons are reviewed based on the multi-tenant environment and Data Center compliance. If the add-on is useful to the enterprise and compliant, it is highly likely it will be approved.  Refer to Customization for project customization details. 

  • In general, for Jira, Bitbucket, and Confluence, are all Data Center instances and we do not allow add-ons that are not compatible with Data Center.
  • Our policy is to review all add-ons for compatibility and enterprise use cases. If an existing add-on provides similar or overlapping functionality, we are not in the practice of installing multiple add-ons just because the “flavor” of functionality is preferred by one program.  We would rather encourage standardization on one add-on than to introduce three add-ons that essentially provide the same functions (just in a little different way).  

NOTE:  our Atlassian products are hosted on Linux operating systems so any add-on that requires the Microsoft operating system would not be allowed. If the add-on will benefit the enterprise and it is compatible, the process for procurement is usually approved. When a service center is introduced, the cost model will be such that the cost of all add-ons will be shared by the tenants.

Has there been any discussion regarding the migration from Hipchat to Slack (Hipchat was rendered end-of-life (EOL) by Atlassian effective 30 May 2019) as part of the SecDevOps solution?

SDO offers Mattermost as the developer collaboration platform which has prepackaged web hooks for integration with JIRA and Confluence.

How do I import my CSV backlog into Jira?

This action is reserved for one-off bulk imports of Jira Issue Types into your project backlog.  It is performed at the Jira Application level and any errors or failures may impact all projects in Jira.  Due to potential labor intensive and potential for impacting the Enterprise, SDO cannot accept CSV files that are not generated from our template. You will request a SDO Import template, input your data, and attach your completed SecDevOps Import template to your SDO Service Desk request. You can use this Knowledge Base article for additional information.

Can I perform bulk changes to Jira issues?

This is a privileged task and is available to SDO Administrators and/or the Project Administrator.  There are several permutations for performing bulk changes such as, update fields, stop watching, delete issues, etc. Refer to the How To articles for instructions on bulk editing. You can use this Knowledge Base article for additional information.

How do I use Git over SSH?

It is possible to use ssh access to Git within SDO however, the solution depends on how ssh is being used.  You can use this Knowledge Base article for additional information.

Describe my project's Artifactory Repository.

Every project that uses Artifactory will have two repositories (snapshot and release) and two levels of permission (admins and users). You can use this Knowledge Base article for additional information.

Do Confluence attachments have limits on versions or size?

Confluence attachment size limits are 100MB.  Confluence manages version control on pages and attachments and we have articles for attachment best practices.  SecDevOps has added a plugin to Confluence for locking attachments during editing.  You can use this Knowledge Base article for additional information.

How do I change the default assignee in my Jira project?

Jira allows project administrator roles to update the default assignee setting for your project.  You can use this Knowledge Base article for additional information.

Should I use Bamboo or Jenkins?

SDO cannot make this decision for project teams. Each tool is a fully capable CI/CD automation server with its own advantages and disadvantages. Atlassian Bamboo is a commercial product tightly integrated with the other Atlassian products in the SDO toolchain. Jenkins is a widely used open-source product with which many teams may already be familiar.  By having a choice of tools, SDO project teams can conduct their own evaluation, leverage the experience of their members and choose the CI/CD server that best suits their unique requirements. There are many external from vendors and/or blogs(e.g., example Bamboo versus Jenkins article) and resources on the web that may form the basis of an evaluation.

How do I know what plugins are installed in Jenkins?

See How to Find Supported Jenkins Plugins.

What is a Bamboo Per-build Container (PBC) and how do I get started?

 A Bamboo Per-build Container (PBC) is an instance of a Dockerfile that runs in a Kubernetes pod and that encapsulates all the tools and resources necessary to execute the steps required to integrate, build and test (CI) a piece of software for subsequent deployment (CD) as production code. PBCs thus effectively and securely isolate and decouple the unique CI/CD concerns of each project from other projects and the Bamboo execution environment. Each project that requests Bamboo as its CI/CD server will receive a Bamboo PBC Build Agent Template project that can be modified to suit the particular build requirements of each software artifact that is being developed. See How to Use the Bamboo PBC Build Agent Template and How To Create a Bamboo Build Agent.

How do I copy resources into my Docker Per Build Container?

There are two use-cases for this article

  1. You are building a Docker PBC using the provided Docker build agent and need to copy resources into your image definition.
  2. You are building an artifact and require functionality not provided by any existing Bamboo plugin, for example: uploading Artifactory build-info and triggering a subsequent Xray scan of an uploaded Docker image.

Refer to this knowledge base article for additional information.

Testing Tools

What testing tools are available in SecDevOps?

The majority of testing tools employed in the SecDevOps environment are provided as Docker containers, including SonarQube, SeleniumGrid, and JMeter. To manage and orchestrate these containerized applications, a Kubernetes cluster runs on EC2 instances within each of the availability zones. The Kubernetes Master orchestrates the provisioning of Docker containers across a series of Kubernetes Nodes and maintains the desired state of the Kubernetes cluster.

What is SonarQube?

SonarQube is a quality management platform that continuously analyzes and measures technical quality. It  is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugscode smells, and security vulnerabilities on 20+ programming languages. SonarQube offers reports on duplicated codecoding standardsunit testscode coveragecode complexitycomments, bugs, and security vulnerabilities.  The platform includes a single SonarQube Server that stores and displays scan results as well as multiple SonarQube Scanners running on the Continuous Integration servers that perform the actual code scans. Currently the SDO environment has a single SonarQube server instance.

What is SeleniumGrid?

SeleniumGrid enables parallel execution of multiple functional browser tests across different target browsers and operating systems. SeleniumGrid uses a hub-node concept where a test is run on a single machine (hub) but the execution is performed on different machines (nodes). As such, the number of simultaneous Selenium tests that can be executed equals the number of nodes available.

What is JMeter?

JMeter is pure Java open source software, which was first developed by Stefano Mazzocchi of the Apache Software Foundation, designed to load test functional behavior and measure performance. You can use JMeter to analyze and measure the performance of web application or a variety of services. Performance Testing means testing a web application against heavy load, multiple and concurrent user traffic. JMeter originally is used for testing Web Application or FTP application. Nowadays, it is used for a functional test, database server test etc.  The SDO environment provides a suite of remote JMeter servers that can be leveraged by JMeter clients to distribute load testing and represent a large number of virtual users.

What is Xray Test Management for Jira?

Xray is a complete test management tool that supports the entire testing life cycle:  test planning, test design, test execution, and test reporting. It is provided by default to all Jira projects. Visit the Xray Documentation for complete details.

Continuous Integration/Continuous Deployment (CI/CD)

What is CI/CD in SecDevOps?

The SDO architecture leverages Atlassian Bamboo as its continuous integration server, partially due to its seamless integration with the remainder of the Atlassian suite and relative ease of use for establishing automated integration and delivery/deployment pipelines. Currently, Bamboo does not provide a high availability configuration such as the data center versions of Jira, Bitbucket, and Confluence. As a result, the SDO environment deploys the Bamboo Server and remote Bamboo build agents as Docker containers running within a Kubernetes cluster.

Structured data produced by Bamboo are written and read to/from the Amazon RDS for PostgreSQL service, as detailed above. 

Unstructured data produced by Bamboo are stored on the shared SoftNAS network attached storage (NAS) instances installed on EC2 instances with attached Amazon Elastic Block Store (EBS) volumes.

In order to execute CI/CD within your project, you will need to request a service account.  This is usually done when you create your project in SDO.  A service account is a project level account that acts on behalf of your project user who initiates the Bamboo pipeline. The service account provides access between the CI/CD tools on your behalf.  It does not have login access and is only run within the SDO environment. Your project's service account cannot be used by any other project.

What orchestration tools are offered in Secure DevOps?

At this time, SDO orchestration offerings include Bamboo and Jenkins.

Scanning Tools

What is CxSAST?

CxSAST is a robust static source code analysis tool that automatically scans uncompiled code and identifies hundreds of security vulnerabilities in prevalent coding languages. The distributed deployment of CxSAST includes a single CxManager that performs all system functions such as project/scan configurations. The CxManager is supplemented by a cluster of CxEngine instances that perform the actual code scans in parallel.

What is JFrog's Xray?

JFrog Xray is a binary vulnerability scanner for Artifactory repositories and is part of the SDO CI/CD offering.  Some of its features are

  • Deep pRecursive Scanning - the ability to drill down and analyze recursively within components even to the smallest binary component that affects your software. Xray serves as a universal component scanner for virtually any packaging type.
  • Impact Analysis - discover and understand the impact of components to your overall system, where small changes can have a tremendous impact to performance and quality.
  • Dependency Tracking - build dependency graphs that represent a combined view of the metadata indexed in Artifactory and Xray’s deep recursive scanning, analyzing the relationships between binary artifacts in an organization as a whole. Allowing you to clearly understand the impact one component has on any other.

Deployment

How do I deploy to another ECM or AWS instance (outside Secure DevOps)?

If you are deploying elsewhere in AWS you will need open a Design Engineering Review (DER) with ITS.

SDO in general does not host long lived resources outside the CI/CD pipeline. So, if you have/need for example QA and Production environments they will need configuration on SDO and on those environments to allow connectivity between VPC’s. For external communication from the ECM environment, traffic would flow from the SDO tools deployed within the Zone 9 / Zone 11 DMZ through the Front Channel Firewall out to the internet. To prevent requests from being blocked, the URL paths need to be added to the firewall rules.

Customization

What can be customized in Secure DevOps?

Each project administrator has permission to

  • (All) Set User roles for individuals (override the group settings)
  • (All) Edit custom permission and notification schemes
  • (Jira) Edit custom workflows (transitions and use existing status)
  • (Confluence) Set Share Filters, Calendars, Page Restrictions (page owners can manage own pages)
  • (Bitbucket) Manage repositories and repository permissions (repository owner can also manage repository access)

Each project administrator does NOT have permission to (but can request through SDO Service Desk)*

  • (All) Create new projects
  • (All) Add new users (these are managed by the corporate AD and synchronized with Crowd, therefore require SDO Service Desk request)
  • (Jira) Create issue types, custom fields, custom status, custom screens, custom workflows, and editing post-functions
  • (Confluence) Create new spaces*
  • (Artifactory) Add new repositories to the DMZ for use in SDO (once repository/package is loaded into DMZ, it will be pulled into SDO Artifactory)

*If the project defines customization at the time the project is created, editing these items are delivered in the new project

How do I customize my workflow?

Workflow customization is requested when you request a new project or at any time by using the "Customize" request in the SDO Service Desk.  You can use this Knowledge Base article for additional information.

What can be customized in Jira?

SDO provides the ability for a project to customize Fields, Roles, Screens, Status, and Workflows. You can use this Knowledge Base article for additional information.

How do I add a custom status to my project?

You can either request custom status values when you submit the new project request or anytime using the "Customize" request in the SDO Service Desk.  You can use this Knowledge Base article for additional information.

How do I use a 3rd Party SaaS Provider in SDO?

Corporate Information Security (CIS) has explicit procedures for requesting, risk assessment, and procurement of 3rd Party System as a Service (Saas) components within Leidos.  You can use this Knowledge Base article for additional guidelines.

Training

What types of training does SDO offer?

Atlassian suite training is not included in our Enterprise License agreement.  However, we do have multiple avenues for gaining expertise on the SDO offerings, Agile Guidelines, Atlassian (free tutorials), and SDO Engineering consultations.  You can use this Knowledge Base for additional training resources.







The information contained herein is proprietary to Leidos, Inc. It may not be used, reproduced, disclosed, or exported without the written approval of Leidos.
CONTROLLED DATA