NARTech: The DevSecOps Champions

Ms. Urusa Salman, CEO
There is a particular challenge that organizations face when it comes to old-school waterfall security practices. Typically, they begin very late in the software lifecycle. This approach is diametrically opposed to an Agile DevSecOps approach. If organizations want to embed security throughout their DevSecOps pipeline, they need to use continuous automation tools throughout their integration and deployment processes that will boost quality, security, and compliance. Further, integrating technologies like automated testing and code quality inspection early in the lifecycle can help a DevSecOps team ensure they deliver secure and high-quality products. Helping organizations in building an efficient DevSecOps approach is NARTech. An expert with Agile DevSecOps capabilities and a unique CMMI Level 5 qualification, NARTech integrates automated testing and code quality inspection through its DevSecOps toolchain and pipeline tool, AppGen. “Our auto-generated DevSecOps application pipeline includes code quality scanning, regression testing, 508 compliance, Docker builds, and cloud deployment, and can be enhanced to use almost any tool necessary for a client’s DevSecOps environment,” Ms. Urusa Salman, the CEO of NARTech said. Delivered as Web-based solutions, these tools create Microservices-ready Web applications for functional code updates, literally with the entry of a handful of parameters and the click of a button. “At NARTech, DevSecOps is not an afterthought; it is baked into our agile systems development lifecycle as an integral component,” says Ms. Salman. The company’s pipeline tools automate the full process from configuration management to building the application, testing, deployment to the Cloud platform using Jenkins, and other development tools, eliminating the need for developers to manually perform these repetitive tasks.

NARTech’s AppGen DevSecOps tool automates the generation of source code and repositories, creating scripts for Jenkins build jobs, and provisioning the runtime environment on the AWS cloud platform. The tool allows organizations to build and deploy a functional Java/Spring application or Microservice in about 10 minutes, providing huge time and cost savings for the clients.AppGen uses a web interface to collect information about the new application or microservice and then creates the application source code, GitHub repository, and checks in the code. It provisions the infrastructure necessary on either the OpenShift or AWS platforms, including EC2, ECS, Load Balancers, and Fargate containers.

Next, the AppGen tool creates the Jenkins scripts necessary for DevSecOps and a Docker Hub repository, builds the code, checks in the Docker Image, and deploys to OpenShift or AWS. AppGen creates both Java apps and microservices using REST and JSON. The generated code complies with federal standards, including the U.S. Federal Digital Services Playbook and Section 508.

NARTech implements Agile/SCRUM Methodology with High Maturity CMMI Level 5 Processes on all client’s application development projects, including management and project team daily SCRUM meetings, Actions/ Issues Tracking, Requirements Management, and Risk Management. Additionally, they implement a SharePoint Project Portal as a key PM tool that provides an effective method for Team and Client Collaboration, Communication, and a Project Artifact Repository—for deliverables, meeting minutes, reports, etc.—and Real-Time Status. NARTech has been the first to deliver production-ready cloud-based applications at HUD for both the AWS and Azure platforms. By using Agile DevSecOps practices and a cloud-based technology platform, NARTech was able to go from initial market research and analysis to production release within six months.

Apart from the numerous successful implementations over the years, what differentiates NARTech from the other vendors in the marketplace is their depth and breadth of expertise, impressive results, strategic approach, and superior execution.

At NARTech, DevSecOps is not an afterthought; it is baked into our agile systems development lifecycle as an integral component

With their strategic, innovative approach to DevSecOps, the company can help an agency transform their operations into a state-of-the-art Agile enterprise, utilizing a leading-edge toolchain for their DevSecOps pipeline. Further, NARTech is CMMI Level 5 appraised, which places NARTech among the Top 5 percent of CMMI appraised companies in the USA and among the Top 10 percent of CMMI appraised companies globally. As part of CMMI L5 program, NARTech places metrics on a project and monitor its performance. At both a project level and organizational level, NARTech then looks at ways to improve software development processes. This may result in reduced development hours or it can provide more capability with the same effort. NARTech’s AppGen tool has accomplished both, by dramatically lowering the initial application creation down from days to minutes, and by standardizing development teams on an expanded development pipeline.

NARTech also puts special emphasis on building security through teamwork. The company recruits seasoned professionals who have expertise in multiple disciplines related to DevSecOps and provides skilled consultants who have both depth and breadth of experience in operating as a team player. NARTech’s team includes Certified Scrum Masters and Certified Project Management Professionals, as well as technology staff with 10+years of experience in all aspects of system development lifecycle and DevSecOps. The company has worked on dozens of Agile projects at various federal agencies, and not only has a wide range of technology experience, but also many years of in-depth experience in most major DevSecOps tools. Further, the company’s teams stay current with the latest DevSecOps tools and technologies that are of interest to federal government clients. “We embrace Agile innovation so that our teams can function with the speed and enthusiasm of a start-up, but with the knowledge and skills of a seasoned consultancy, as we explore new ways to help our clients meet their needs and goals,” mentions Ms. Salman.

Being a Woman and Minority-Owned Small Business, a U.S. Small Business Administration’s 8(a) Program Graduate, and GSA IT Schedule 70 holder, NARTech continues to grow and has ambitious plans for the next several years. NARTech’s “FIND, GET, TRAIN, KEEP” human resources philosophy plays a key role in attracting and retaining quality staff who seek to continuously update their skills. Ms. Salman believes that such innovative approaches to hiring multi-skilled personnel attract ambitious, motivated professionals who are willing to roll up their sleeves and think outside the box.

With over 15 years of IT applications development and integration experience as the prime contractor at federal government civilian agencies, NARTech provides guaranteed quality performance, verified through its Dun & Bradstreet Past Performance Rating of 97 percent. “We have been aggressively marketing our innovative DevSecOps capabilities and plan to focus on this growing space over the next several years. And we practice what we preach— we are continuously improving our own internal DevSecOps capabilities through our CMMI Level 5 initiative to ensure that our internal systems remain on the leading edge of DevSecOps technologies,” concludes Ms. Salman.


Bethesda, MD

Ms. Urusa Salman, CEO

An expert with Agile DevSecOps capabilities and a unique CMMI Level 5 qualification