Integrating security into a DevOps environment, also known as DevSecOps, can allow organisations to deliver more secure applications and services faster to market. While many publications address the theoretical benefits and challenges of security integration, there is a lack of practical insight to guide organisations towards a successful integration. As a result, many organisations fail to achieve DevSecOps due to the historical differences that hinder collaboration between teams. This study investigates the critical success factors for DevSecOps integration using a case study approach. Semi-structured interviews were held with eight senior staff members directly involved in establishing DevSecOps integration within a large organisation. Thematic analysis of data across three categories (people, processes, and technology) identified eight major themes: executive support, security champions, security training, way-of-working, governance framework, secure pipeline, automation, and technology. Based on these findings a framework is proposed to inform and guide organisations on DevSecOps integration
