Integrating Devici into Your SDLC
Threat modeling is most effective when it is part of everyday development, not a one-time or isolated activity.
Devici is designed to integrate naturally into the software development lifecycle (SDLC), allowing teams to identify and address threats as systems are designed, built, and evolved.
This section explains where Devici fits into the SDLC and how teams commonly use it alongside existing tools and workflows.
Where Devici fits in the SDLC
Devici can be used at multiple points in the development lifecycle:
- During early design and architecture discussions
- When introducing new features or services
- When integrating with external systems
- As part of security or architecture reviews
- During ongoing system evolution
Threat modeling does not need to block delivery. It should inform decisions as they are being made.
Design and planning
Devici is most valuable when used early.
During design and planning:
- Create or update a threat model for the proposed changes
- Apply attributes to describe expected behavior
- Review identified threats before implementation begins
This helps teams surface security considerations while changes are still easy to adjust.
If you are new to building models in Devici, start with:
→ Building a Threat Model
→ Elements
→ Attributes
Development and implementation
As development progresses, threat models can be refined to reflect what is actually being built.
Common activities include:
- Updating the model as implementation details become clearer
- Adjusting attributes when assumptions change
- Reviewing new or changed threats introduced by the design
Threat modeling at this stage helps teams avoid surprises late in the cycle.
For guidance on reviewing and managing threats:
→ Threats & Mitigations
→ Threat Register
Integrating with issue tracking systems
Devici integrates with tools such as Jira and Azure DevOps to support action tracking.
Teams commonly use these integrations to:
- Create tickets from identified threats
- Track mitigation work alongside other development tasks
- Link remediation efforts back to the threat model for context
This keeps threat-related work visible and actionable without introducing separate processes.
To configure these integrations, see:
→ Jira Integration
→ Azure DevOps Integration
Using CodeGenius in CI/CD pipelines
CodeGenius enables teams to generate or update threat models directly from source code.
CodeGenius can be used to:
- Scan repositories or local codebases
- Detect architectural components and data flows
- Generate an initial threat model or update an existing one
When used in CI/CD pipelines, CodeGenius helps ensure that threat models stay aligned with the system as it evolves.
To get started with CodeGenius:
→ CodeGenius Overview
→ CodeGenius CLI & Automation
Continuous improvement over one-time checks
Threat modeling works best as a continuous practice.
Instead of treating threat models as static artifacts:
- Update them as the system changes
- Review threats during meaningful milestones
- Revisit actions when assumptions shift
Devici supports this approach by keeping threat identification and context connected directly to the model.
For guidance on long-term maintenance:
→ Threat Model Versioning & Restoring
Aligning security and engineering workflows
Devici is designed to support collaboration, not enforce process.
Security teams can use Devici to:
- Provide guidance and review models
- Validate assumptions and actions
- Share threat modeling expertise
Engineering teams can use Devici to:
- Understand threats in the context of their system
- Make informed design decisions
- Track actions without disrupting delivery
Both teams work from the same source of truth.
What’s next
Once Devici is integrated into your SDLC, the final step is maintaining and evolving threat models as systems grow and change over time.