For too long audits and security reviews have been seen as resistant or even blocking the frequent release of software. Auditors require access to static systems and environments, which would seem to make continuous delivery impossible. Too frequently audits are a fire drill reaction to the current state and temporary fixes are put in place to appease the compliance audit without being integrated into future releases.
What if auditing, compliance and security could be fully integrated into continuous integration and continuous delivery pipelines? What if we automated our compliance policies so they could be “shifted left” as part of the application and infrastructure lifecycle? This session will discuss real-world examples of how to translate security and compliance requirements into software and make them a proactive part of the software-delivery process. We can decrease risk by defining compliance rules as code and making them a part of the standard continuous delivery workflow.
Incorporating compliance and audit checking into continuous integration pipelines allows teams to move faster and safer at the same time.view full program