Automated Governance
The TAG has advanced secure software practices with the Secure Software Factory Reference Architecture Paper. Building on that work, this new initiative will provide guidelines for automated governance in cloud native environments. It focuses on integrating security, compliance, and auditability into CI/CD pipelines so that governance and compliance practices are automated and operationalized.
Goals
- Provide guidelines and best practices for implementing automated governance processes in cloud native environments.
- Integrate security, compliance, and auditability into CI/CD pipelines.
- Streamline compliance processes and enhance the overall security posture of cloud native applications.
Scope
The scope of this project includes:
- Research and analysis of current automated governance practices.
- Development of a comprehensive reference architecture.
- Creation of best practice guidelines and documentation.
- Potential development of tooling or integration patterns for common CI/CD platforms.
WIP Documentation
- Working Draft: Google Docs
Meeting Information
- Meeting: Every 2 weeks on Tuesday at 2:00 PM Pacific Time (US and Canada) (Calendar Invite)
- Meeting Notes: Google Docs
Contact
- Lead: Andrés Vega, Brandt Keller
- Slack Channel: Link