4.5 Key Project Metrics - KPIs
In support of Low-Code Agile development practices, contractor Development Teams will implement a number of DevSecOps Software Quality Assurance metrics, listed in Figure 6, to serve as key performance indicators (KPIs) that give the PMO and contractor project management oversight.

| DevSecOps Metric | Metric Description |
|---|---|
| Deployment Frequency | Number of successful deployments to production/iteration. |
| Mean Time To Recovery (MTTR) | Time between a failed production deployment and ops restoration. |
| Time To Patch Vulnerabilities | Time between identification of a vulnerability in the platform or application and successful production deployment of a patch. |
| Test Coverage | Percentage of code that is covered by automated tests. |
| Number of Unit/Integration Tests | Number of automated unit or integration tests for an application. |
| Number of Functional/Acceptance Tests | Number of automated functional or acceptance tests. |
| Coverage of OWASP Benchmark | % coverage of OWASP Benchmark Cybersecurity Test Cases. |
| Deployment Lead Time | Time between a favorable security assessment/successful non-production exit and completion of production deployment. |
| Pipeline-Stage Time | Time spent in any given pipeline or pipeline stage. |

Figure 6: Recommended DevSecOps Metrics