Forge's DevSecOps Review team brings together eight specialist agents — from Product Owner to Release Engineer — to produce a comprehensive security, architecture, and operational assessment. This guide walks you through submitting your first run and reading the results.
Step 1: Find the template
Go to Teams in the dashboard nav. Scroll to the DevSecOps Review card or use the search bar. Click Use team — this takes you straight to the new run form with the DevSecOps team pre-selected.
Step 2: Write your brief
The brief tells the team what to review. Be specific about your technology stack, deployment model, and what kind of output you need. A good example:
Review the security and architecture of a Node.js REST API with a PostgreSQL database deployed on Azure AKS. The service handles PII and financial data. We need: - Architecture recommendations and threat model - Infrastructure as Code review (Terraform) - A go/no-go assessment with remediation priority We are targeting ISO 27001 compliance.
Step 3: Submit and watch the timeline
Click Submit. The run page opens and the live timeline begins updating. You will see each agent appear as it starts working. The run typically takes 4–8 minutes end to end.
What each agent does
Product Owner
Parses your brief, identifies the core requirements, constraints, and success criteria. Its output scopes the review.
Architect
Reviews the architecture against cloud best practices. Produces a component diagram assessment and architectural recommendations.
Security Engineer
Runs a threat model. Identifies OWASP Top 10 risks, authentication and authorisation gaps, and data exposure vectors.
DevOps Engineer
Assesses the CI/CD pipeline, IaC, container security posture, and secrets management. Flags misconfigurations.
Developer
Reviews code-level patterns: input validation, error handling, dependency vulnerabilities, and logging hygiene.
QA Engineer
Assesses test coverage, identifies gaps in security testing, and recommends pen test scope.
FinOps Analyst
Reviews the cost posture of the architecture and flags over-provisioned resources or cost anomalies.
Release Engineer
Produces the final go/no-go assessment with a prioritised remediation plan and estimated effort.
Reading the outputs
Once the run completes, click the Output Hub tab. Each agent's deliverable appears as a separate card with its confidence score (green above 0.9, amber 0.85–0.9, red below 0.85). You can download individual outputs or export all as a ZIP. The Release Engineer's go/no-go assessment is usually the last card — start there.