The Science of Compliance - Early Code to Secure Your Node
We all know that the earlier in the software development process you start testing, the more money and time you save in the long run. This is true not only of the coding process but also of securing your systems. In this talk, we’ll cover the difference between compliance and security, and how adding compliance is a measurable and repeatable way to make code more secure. We will discuss tools and methodologies for integrating compliance and inserting compliance checks at various points in the development process, starting with a compliant infrastructure and continuing through code, test, and development systems. We’ll discuss how to insert compliance checks at various points in the CI process, including code, unit testing, and integration testing, and even after your code is deployed. To make the talk more palatable, the process of integrating (also known as “baking in”) compliance into your DevOps process is compared to the trials and tribulations of baking a cake. We’ll tie these concepts in with the DevOps culture of collaboration, communication, and retrospection. Hopefully, you will be left with an understanding of the importance of compliance and its role in all aspects of your DevOps (DevSecOps) process.