As an important carrier of data, government business systems are often the most important targets of attack, and government security construction pays more attention to compliance requirements, ensuring business operation through security products and services, while application endogenous security is ignored. In order to adapt to the high security requirements of the current digital government and meet the current scenario of intensive digital government construction, it is necessary to shift security to the left and focus on supply chain and application endogenous security. The government’s information project construction model needs to prioritize development work, and security needs to be closely integrated with the research and development process. DevSecOps, as an emerging security development model, has entered the field of digital government application development. The application development security system enabled by DevSecOps can improve the development process, reduce security repair costs, shorten development cycles, and greatly enhance the level of digital government security.