From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline
Unlock the full course today
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
Tricks for making compliance happy
From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline
Tricks for making compliance happy
- When I talk to people about the benefits of devops and devsecops, there's always one major pushback that I get, you guessed it. Compliance. Often I here this from engineers and security professionals who have suffered through a PCI audit or some other long regulatory process. To them, compliance is the enemy. But I started to wonder, is compliance the real roadblock? Whenever I speak with auditors, they seem hesitant at first but after explaining how a software delivery pipeline works, they actually get excited. In a sense by doing CI and CD, you are expressing a version of what Itil and Waterfall always promised. That is, you get change control along with all the auto ability and login that goes along with it. Most auditors are really concerned with establishing a policy and making sure processes and procedure are followed in regard to that policy. They collect evidence to verify that all looks good and the audit is a success. CI/CD actually fits great with this and provides an…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.