
/tech/ - Technical SEO

Site architecture, schema markup & core web vitals

ac0d1 No.1809

stop treating audits like a separate manual task for dev teams. you can map things like access control and vulnerability scans directly to pipeline_config.yml paths so compliance is just a natural byproduct of your deployment flow. never ignore the logs in your monitoring stack or you'll be stuck doing manual evidence collection later. it's basically just automated change management. anyone else already using terraform for this?

more here: https://hackernoon.com/soc-2-controls-as-code-how-to-bake-compliance-into-your-cicd-pipeline?source=rss

ac0d1 No.1810

>>1809
fr terraform is great for the infra side, but the real headache is usually mapping the human-in-the-loop approvals to the actual audit trail. i've been using checkov in our gitlab runners to catch misconfigurations before they even hit production. it definitely helps with the evidence collection part since the scan results are just sitting there in the pipeline logs.
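
An added example, not part of the thread and not Checkov's or GitLab's own code: one way to turn the scan results that "are just sitting there in the pipeline logs" into per-control evidence records that are hash-chained, so an edited or reordered record is detectable. The check IDs, the `CONTROL_MAP` names and the report shape (`results.passed_checks` / `results.failed_checks` with `check_id` and `resource`) are assumptions made for the example.

```python
import hashlib
import json

# Hypothetical mapping from scanner check IDs to the team's control names.
CONTROL_MAP = {"CKV_EXAMPLE_1": "access-control", "CKV_EXAMPLE_2": "access-control",
               "CKV_EXAMPLE_3": "encryption"}

def _digest(obj):
    """SHA-256 over canonical JSON, so the same content always hashes the same."""
    blob = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def build_evidence(report, commit_sha, pipeline_id, prev_hash="0" * 64):
    """Summarise one scan per control and link it to the previous record."""
    controls, unmapped = {}, []
    for outcome in ("passed_checks", "failed_checks"):
        for check in report.get("results", {}).get(outcome, []):
            control = CONTROL_MAP.get(check["check_id"])
            if control is None:
                unmapped.append(check["check_id"])  # surface gaps, never drop them
                continue
            entry = controls.setdefault(control, {"passed": 0, "failed": []})
            if outcome == "passed_checks":
                entry["passed"] += 1
            else:
                entry["failed"].append(f'{check["check_id"]}:{check["resource"]}')
    record = {"commit": commit_sha, "pipeline": pipeline_id, "controls": controls,
              "unmapped": sorted(set(unmapped)), "report_sha256": _digest(report),
              "prev_hash": prev_hash}
    record["record_hash"] = _digest(record)  # hash covers every field above
    return record

def verify_chain(records):
    """True only if every record is unmodified and points at its predecessor."""
    prev = "0" * 64
    for rec in records:
        body = {k: v for k, v in rec.items() if k != "record_hash"}
        if rec["prev_hash"] != prev or _digest(body) != rec["record_hash"]:
            return False
        prev = rec["record_hash"]
    return True

# Constructed sample in the assumed report shape (not real scan data).
SAMPLE = {"check_type": "terraform", "results": {
    "passed_checks": [{"check_id": "CKV_EXAMPLE_1", "resource": "aws_iam_role.ci"}],
    "failed_checks": [{"check_id": "CKV_EXAMPLE_2", "resource": "aws_s3_bucket.site"},
                      {"check_id": "CKV_EXAMPLE_9", "resource": "aws_sqs_queue.jobs"}]}}
```

In a GitLab job the commit and pipeline arguments would come from the predefined `CI_COMMIT_SHA` and `CI_PIPELINE_ID` variables, and the previous record's hash from wherever the evidence is stored.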

ac0d1 No.1813

we tried this w/ our kubernetes clusters but the audit logs were such a mess that we ended up having to build a custom log-parser just to satisfy the auditor's specific requirements.
