Bolting compliance and security onto an application after it’s been deployed is an easy way to ensure those applications are vulnerable to attack and violate your organization’s policy. Yet, that is often the approach that is taken. Developers must shift compliance to the early phases of the process. With InSpec, verifying compliance and security controls is just as easy as running unit tests.
This presentation was given at a joint meetup with the Derby DevOps (https://www.meetup.com/DevOps-Louisville/events/242003342/) and Louisville AWS Users Group (https://www.meetup.com/Louisville-AWS-Users-Group/events/242737663/).