The TAG has advanced secure software practices with the Secure Software Factory Reference Architecture Paper. Building on this, the new initiative will provide guidelines for automated governance in cloud native environments, focusing on integrating security, compliance, and auditability into CI/CD pipelines so that governance and compliance practices are automated and operationalized rather than applied manually after the fact.
- Provide guidelines and best practices for implementing automated governance processes in cloud native environments.
- Integrate security, compliance, and auditability into CI/CD pipelines.
- Streamline compliance processes and enhance the overall security posture of cloud native applications.
The scope of this project includes:
- Research and analysis of current automated governance practices.
- Development of a comprehensive reference architecture.
- Creation of best practice guidelines and documentation.
- Potential development of tooling or integration patterns for common CI/CD platforms.
- Meeting: Every 2 weeks on Tuesday at 2:00 PM Pacific Time (US and Canada)
- Meeting Notes: Google Docs
- Lead: Andrés Vega, Brandt Keller
- Slack Channel