UTSB and Atomik Soft have implemented DevSecOps in Alpha Platform

2026: Integration of Secure Development Practices into Alpha Platform

On January 13, 2026, the Cybersecurity Center of the IT company UTSB, together with the Atomik Soft team, announced the integration of secure development practices into the process of creating the Alpha Platform.

As reported, Alpha Platform is a software package designed to build process control systems (HMI, SCADA and other solutions). Integration made it possible to increase the security of the product without stopping its current development and maintaining a high speed of release of updates.

A special technological challenge was created by a modular platform architecture consisting of a basic core and configurable add-ons. Security was supposed to permeate all stages of development, but without slowing down release cycles.

The solution was to connect to the cloud platform for analyzing the security of Apsafe applications - your own USCB product. As part of the integration, a script was created to automatically transfer source code from the Jenkins build system to Apsafe. Now each Build automatically passes a comprehensive security analysis in the platform, and the results verified by experts are sent directly to the developers' Tusk tracker.

The project went beyond automated scanning. USCS experts not only identified vulnerabilities using SAST, DAST, SCA and mandatory fuzzing testing, but also analyzed each find in detail with the Atomic Software team. The collaboration turned potential incidents into training cases and specific safe coding rules that were immediately integrated into the Code Review process.

An important practical result was the compliance with the requirements of the regulators, in particular the Order of the FSTEC of Russia No. 239 (clause 29.3), including the availability of updated guidance on secure development (SDLC) and the conduct of mandatory types of testing.

Now the developer can accompany his IT solution not only with technical reports, but also with documentary evidence of built-in security for customers - industrial enterprises with increased security requirements.

As a result of the partnership, Atomik Soft received not only monthly reporting on the results of the analysis, but also a working code security management system - from writing to assembly. This reduces the risk to end customers in the industry and builds confidence in the product. The project demonstrates the transition from one-time checks to a model where continuous security is built into the development lifecycle.