Case Study

SCRGT’s responsive solutions make positive impacts on missions and lives.

Case Study: Digital Services
Government Accountability Office (GAO), Information Systems and Technology Services (ISTS)

Background

The Government Accountability Office (GAO) is an independent, nonpartisan legislative branch agency that works for Congress, generally at the request of congressional committees or subcommittees or as mandated by public laws. Often called the “congressional watchdog,” GAO’s work may lead to laws and acts that improve government operations, saving the government and taxpayers billions of dollars. GAO has approximately 75 business applications ranging from custom-developed, end-user-developed, commercial-off-the-shelf (COTS), government-off-the-shelf (GOTS), and Software-as-a-Service (SaaS) through external service providers. Many custom-developed applications are specific to supporting GAO’s mission and include case management, work management, publishing, and customer relationship management (CRM) capabilities. Key application transformation objectives include enhancing agility and flexibility, increasing performance, improving information security, and boosting speed-to-delivery for new capabilities.

The Challenge

GAO awarded Salient CRGT (SCRGT) a five-year contract to provide engineering and enhancement services, transforming both service and application delivery to address mission needs. SCRGT is assisting GAO’s Information Systems and Technology Services (ISTS) office across its product portfolio, including analyzing and recommending publishing solutions central to GAO’s public-facing mission, identifying and incorporating SaaS and Platform-as-a-Service (PaaS) solutions that benefit GAO’s users, and developing and operating business intelligence products. A key aspect of their transformation is adopting a fully automated DevSecOps delivery model and realizing the benefits of migrating applications to the cloud.

The Solution

SCRGT has been supporting GAO since 2019, providing engineering and technology enhancement services that transform digital services to leverage an automated, cloud-based environment. Our team of experts brings a clear vision for the future, with an approachable, flexible, and collaborative style that makes us easy to work with.

We collaborated with GAO to create a roadmap to transform its development environment, reducing platform dependencies, accelerating application/code development, improving application quality and consistency, and automating governance and security measures.

One of our first initiatives introduced automated DevSecOps processes, enabling continuous integration and quality checks during development, ensuring the detection of errors as early as possible. We enabled automated code reviews using SonarQube code quality and code security scanning; Anchore and Trivy for container scanning; Cucumber, Zephyr, and Selenium for automated testing; and ZAP scans for penetration testing.

SCRGT is developing and modernizing GAO’s applications and tools to operate in a cloud-based environment, following a migration roadmap that includes refactoring applications to take full advantage of cloud resources, cyber security, and scalability, and resolving application interdependencies. We integrated Jenkins as the main continuous integration (CI) tool and a combination of Jenkins and Ansible for continuous delivery (CD), thereby creating CI/CD pipelines for automated deployments. We leverage modern cloud-based design patterns and services, maintaining high availability, right-sizing compute resources, and shifting to on-demand consumption. We designed our cloud migration strategy to follow a phased approach, including setting up a cloud-based OpenShift Container Platform (OCP) cluster in Amazon Web Services (AWS) and incrementally onboarding applications, while identifying shared service candidates to be re-architected as microservices. We are implementing abstraction to minimize cloud lock-in to any single vendor.

The Impact

By partnering with GAO and tailoring our proven, agile, and flexible methods to their meet mission objectives, SCRGT completed the initial transformation effort within six months (six to 12 months faster than typical federal DevSecOps integration schedules). Within this accelerated timeline, we fully revamped the software environment component of the infrastructure, including building the enterprise CI/CD pipeline and implementing Keycloak single-sign on with DevSecOps tools. We integrated container images into the pipeline as well as implemented and matured the Universal Base Image (UBI) process to support containers. Coordinating the rollout of the pipeline with development teams, we revamped/streamlined pipeline code and stage gates to eliminate drag in software development workflows. SCRGT reduced lead-time and deployment frequency metrics by 25% and continue to see reductions related to expanded use of automated testing and cloud-based deployments.

Learn how we embed rapid innovation critical to our customers’ success