As organizations adopt DevOps practices, they develop increased productivity within their software development teams, faster releases of digital products, and improved customer experiences. But as the rate of delivery increases, it becomes more difficult for security and compliance to keep up without getting in the way. So, how can you ensure that all aspects of your deployment pipeline are protected as delivery velocity dramatically increases?
The “shift-left” practice in DevOps helps organizations improve quality and security by moving testing earlier in the release process. As more and more DevOps practices are automated, it becomes harder to capture the data required to ensure all security and com- pliance concerns are met. Organizations need an automated way to track governance throughout the entire software delivery process so they can attest to the integrity of all assets and to the security of all running applications.
This paper is intended to guide organizations on implement- ing an automated process for tracking governance throughout the deployment pipeline by providing a reference architecture to help guide organizations on how to design and implement automated governance throughout the delivery pipeline. A sample use case is also provided to further enforce these best practices.
Views: 1
