Self-assess DevOps maturity in 60 seconds with open-source tooling

Teams aiming for continuous improvement often struggle to baseline their DevOps practices without costly consultants or fragmented tools. A new open-source project called DevOps Maturity delivers a lightweight, automated way to evaluate end-to-end practices—spanning build pipelines, code quality, security controls, and supply-chain integrity—in under a minute. The project combines a weighted checklist with a CLI, GitHub Action, and optional AI-powered analysis, enabling teams to track progress over time without spreadsheets or third-party audits.

Replacing one-off assessments with repeatable baselines

Most maturity models today focus on narrow slices of DevOps, such as delivery speed via DORA metrics or security posture through OpenSSF Scorecard. While these tools provide valuable insights, they don’t give a holistic view of practices in place across the entire lifecycle. DevOps Maturity fills this gap by offering a single, weighted checklist that evaluates practices in build automation, test coverage, security controls, supply-chain integrity, and reporting—without requiring a custom consultant engagement.

The tool complements existing frameworks rather than competing with them. For example:

• DORA metrics measure outcomes like deployment frequency and lead time for changes, but they don’t assess whether those changes are built with secure defaults or verifiable supply-chain practices.
• OpenSSF Scorecard evaluates security health in public repositories but doesn’t account for internal tooling, CI configurations, or deployment workflows.
• SLSA (Supply-chain Levels for Software Artifacts) focuses deeply on supply-chain integrity but requires significant setup and expertise to interpret.

DevOps Maturity acts as the first step in this stack, identifying which areas need deeper evaluation and which tools to prioritize next.

Getting started in under a minute

The project’s CLI tool can be installed and run in seconds, making it ideal for quick baselines or CI integration. To begin:

pip install devops-maturity
dm assess

The command generates an overall score, a maturity level (ranging from WIP to GOLD), category-specific scores, prioritized recommendations, and a badge URL for READMEs or dashboards. For teams using GitHub, a dedicated GitHub Action can re-run assessments on every push, keeping the badge and feedback current.

Automating assessments with AI

For teams that prefer minimal manual input, DevOps Maturity supports an AI-powered auto-mode. By setting an API key and running:

ANTHROPIC_API_KEY=your_api_key devops-maturity assess --auto --ai anthropic

The tool analyzes the repository’s README, CI configuration files, and directory structure to infer answers to the checklist. It supports multiple providers, including OpenAI, Anthropic, and Google Gemini, or can run fully locally using Ollama.

Open to feedback and iterative improvement

Currently in its early stages, DevOps Maturity is released under the Apache 2.0 license and developed primarily by a single maintainer. The project’s maintainers invite contributions and critiques, particularly around the criteria weights and category definitions. Issues, pull requests, and suggestions are welcome on the project’s repository.

Looking ahead, the team aims to expand the checklist based on community feedback, add support for additional CI/CD platforms, and integrate with more security and compliance tools. For teams tired of one-off assessments and consultant fees, this open-source approach offers a practical, automatable way to measure and improve DevOps maturity over time.