For too long audits and security reviews have been seen as resistant or even blocking the frequent release of software. Auditors require access to static systems and environments, which would seem to make continuous delivery impossible. Too frequently audits are a fire drill reaction to the current state and temporary fixes are put in place to appease the compliance audit without being integrated into future releases.

What if auditing, compliance and security could be fully integrated into continuous integration and continuous delivery pipelines? What if we automated our compliance policies so they could be “shifted left” as part of the application and infrastructure lifecycle? This session will discuss real-world examples of how to translate security and compliance requirements into software and make them a proactive part of the software-delivery process. We can decrease risk by defining compliance rules as code and making them a part of the standard continuous delivery workflow.

Why would this talk be a good fit for the DevOpsDays audience?

Incorporating compliance and audit checking into continuous integration pipelines allows teams to move faster and safer at the same time.

Matt Ray is the Manager and Solutions Architect for APJ for Chef. He is active in several open source communities and has worked in a wide variety of industries. He has been a contributor to the open