The U.S. Army is consolidating its software development efforts under a single standardized platform. CECOM’s Army Software and Innovation Center (ASIC) now runs the Enterprise DevSecOps Platform, known as DSO-P or DSOP. It embeds automated security scans, supports continuous Authority to Operate paths, and supplies ready CI/CD pipelines. Army.mil reported the details from a May 6, 2026 panel at AFCEA Belvoir Industry Days.
Garrett Shoemaker, ASIC executive director, described the shift. “We have transformed into a continuous integration and continuous delivery organization,” he said. “This means we are getting software into the hands of Soldiers as minimal viable products, extremely fast, and then we iterate on that capability based on their feedback.”
The platform runs cloud-native on AWS. It starts with a hardened baseline of commercial tools: GitLab Ultimate for source control and pipelines, SonarQube for code quality, and Nexus Repository for artifacts. Open-source and government security tools fill gaps. David Wright, ASIC chief engineer, outlined the design in an earlier Army article. “Hosted in AWS 2.0, this unified design avoids the need and cost to stand up independent silos for DevSecOps, delivering a scalable, cost-effective standard for the force.” Army.mil
Matt Bernhardt, associate director of infrastructure at ASIC, framed the operational goal. “How do we build a paved road for everybody to be on to get their software developed, scanned, accredited, and out there to the warfighter? With the DSO-P, we have automated scanning embedded directly into the system… any software we are pushing through that pipeline is accredited on that path towards a continuous ATO process.”
Availability rolled out widely in early 2026. Posts from CECOM ASIC indicate the Army DSO-P opened to all organizations starting March 2, accessible at dso.army.mil. The move consolidates prior efforts, including work from the Enterprise Cloud Management Agency’s Code Resource and Transformation Environment. It now serves as the hub for over 100 organizations and roughly 4,000 developers across the Army, according to February reporting on partnerships with PEO Enterprise. Army.mil
Broader DoD context shows parallel tracks. The Air Force’s Platform One offers similar enterprise tooling with Iron Bank for container images and Party Bus for managed pipelines. Army leaders reference these models while building their own consolidated approach. A March 2026 DVIDS report highlighted an ArCTIC platform variant that cuts authorization timelines from months to hours by using GitLab-based blueprints other units can copy. DVIDS
Low-code and no-code capabilities run alongside the core platform. ASIC established a Center of Excellence to standardize commercial tools and move beyond scattered experiments. Crystal Chadwick, division chief for application capability management, noted the intent. “We have noticed there are pockets of innovation across the Army using low-code/no-code, but we want to move beyond pockets and really use this as a force multiplier. We want to create a whole digital ecosystem using these powerful tools so that we can get capability out fast and maximize mission readiness.”
Acting Army CIO Gabe Chiulli praised the reinvention during the Belvoir panel. He recalled discussions roughly a year prior that led to ASIC taking a lead role on DevSecOps strategy. The center also supports related enterprise work, such as streamlining customer relationship management systems.
Security stays central. Automated scans happen at every stage. Containerization packs applications into portable units that run consistently across environments. Zero Trust principles guide access and verification. These measures reduce the attack surface while shortening the path from code commit to fielded capability.
Partnerships extend the reach. PEO Enterprise’s Enterprise Cloud Tools team met ASIC staff in January 2026 to align on shared testing and scanning tools. Plans target integration in the third or fourth quarter of fiscal 2026. A steering committee will gather input from acquisition organizations. Maj. James Oliver of ECT called the relationship essential for avoiding duplication and meeting requirements of the Army’s largest IT systems.
Results show in delivery speed. Contract timelines have shortened from months to weeks in some cases. Teams deliver initial iterations in days when priorities demand it. One LinkedIn example from an ASIC partner described a high-priority item completed in under a day using the platform’s agility.
The effort aligns with Army Directive 2024-02 on modern software acquisition and subsequent policy memos from the Army CIO. Those documents emphasize certified DevSecOps pipelines for new development. ASIC’s platform supplies one such certified path.
Challenges remain. Scaling to thousands of users requires ongoing tool hardening and user training. Integration with legacy systems demands careful migration. Yet the single-platform model directly attacks prior duplication. Separate teams once stood up parallel environments; now they inherit a common baseline.
Industry observers note the Army’s move mirrors service-wide trends. DoD CIO guidance and the DoD Enterprise DevSecOps Fundamentals document stress common platforms to reduce costs and speed accreditation. Army implementation adds concrete tooling and an availability date that other components can reference.
Garrett Shoemaker summed the broader intent at Belvoir. The center now operates as a unified entity handling immediate Soldier needs while planning ahead. That dual focus positions ASIC to support continuous transformation without constant reinvention of the underlying infrastructure.
WebProNews is an iEntry Publication