What It Really Takes to Build Compliant Apps

December 20, 2018 by Sonya Koptyev 0 Comments

If you search online for “software compliance,” you’ll be met with a seemingly endless lineup of blog posts, how-tos and explainer articles promising to tell you everything you need to know about writing and deploying software in a compliance-friendly manner. Some of those are good resources, especially the ones that delve into meeting specific compliance […]

CloudBees Further Extends Jenkins CI/CD Reach

October 25, 2018 by Mike Vizard 3 Comments

CloudBees announced it is expanding the scope and reach of its Jenkins open source continuous integration/continuous development (CI/CD) platform into the realms of compliance and serverless computing frameworks. Announced at the DevOps World | Jenkins World conference in Nice, France, a new plugin for Jenkins adds support for the AWS Serverless Application Model (SAM) defined […]

Chef Extends Scope of Compliance Automation

October 19, 2018 by Mike Vizard 2 Comments

Chef has extended the reach of its InSpec compliance automation framework by adding a plug-in architecture that makes it easier for developers to programmatically generate compliance controls that can be applied to automation frameworks. The Terraform configuration management framework developed by HashiCorp is the first framework supported via the plug-in architecture. InSpec previously was integrated […]

Compliance and Audit Readiness: The DevOps Killer?

July 24, 2018 by Deborah Schalm 0 Comments

Compliance and audit readiness are more important than ever, as our customers demand more control over their personal data, while sophisticated attackers try to break into our IT systems. Many standard practices related to regulatory compliance assume a waterfall delivery model and a clear separation between development and operations. DevOps practices, such as continuous delivery […]

Don’t Forget to Automate Cloud Security

June 1, 2018 by Don Macvittie 2 Comments

Cloud has been around long enough, and we’ve had enough breaches stemming from unsecured cloud (mostly data objects, but other items, too) that we should know better. I cringe whenever I see a security headline along the lines of “… Unsecured S3 Bucket.” Would you publicly expose a server in your data center and not […]

Has DevOps Caused the Re-emergence of Shadow IT?

May 30, 2018 by Aditya Vadaganadam 2 Comments

Shadow IT is back, and this time, it’s in the DevOps toolstack “One of our clients conducted an audit and found more than 10,000 Jenkins instances across their IT landscape!” This remark from a tooling vendor that helps enterprises centralize their continuous integration infrastructure really took me by surprise. For starters, I was impressed how […]

Software Liability Goes Global

March 21, 2018 by Derek E. Weeks 1 Comments

This month, France turned up the conversation on software liability for manufacturers who place known defective software components in their products. But, they are not the first. Software Liability in France According to Lukasz Olejnik, lawmakers in France just suggested a desire to “put the security liability in hands of product suppliers. In other words, making […]

Automation Levels the Playing Field for Continuous Compliance

February 26, 2018 by Tony Bradley 0 Comments

At this point, I doubt there is any company doing business anywhere that doesn’t fall under at least one compliance framework. One universal truth of compliance—in intent, if not in practice—is that it is a process, not an event. Checking boxes and passing an audit is a requirement of most compliance mandates, but the real […]

Recent Articles

Chef Achieves Multiple Compliance Mandat…

Continuous Compliance and DevSecOps in T…