Validating compliance has typically been the burden of infosec and audit teams. With the need to keep delivery and production up to speed and the increased adoption of modern cloud-native stacks, organizations are realizing that compliance can be made part of the CI/CD pipeline process. This allows violations to be detected early, so developers can address them before production, while compliance validation is monitored as a continuous process: not only pre-deployment but also during runtime and post-incident, for auditing and forensics.
In this session we will go through practical examples of implementing security in your CI/CD pipeline that go beyond vulnerability scanning, covering NIST, PCI, GDPR, etc.
Required audience experience
Containers and Kubernetes knowledge
Objectives of the talk
You will walk away with practical examples of validation checks for regulatory compliance standards in your CI/CD pipeline that you can start implementing today.