OWASP Secure Pipeline Verification Standard (SPVS)

The OWASP SPVS is a framework that integrates security across the entire software delivery lifecycle—Plan, Develop, Integrate, Release, and Operate. It provides a tiered maturity model with actionable controls to secure code, artifacts, and build environments. Adaptable to cloud, hybrid, and on-premises setups, it helps organizations progressively improve pipeline security, ensure compliance, and embed a security-first culture within DevSecOps practices.

https://github.com/OWASP/www-project-spvs