Everyone wants to move faster and ship updates with higher velocity. Regulatory burdens and compliance can add extra drag on the system. Controls that live in notebooks, spreadsheets, and PDF files are difficult to verify. Scanning the production systems for compliance means you find violations when it's too late and when they're most expensive to fix. Compliance must be managed as code and must be part of your everyday development process if you'd like to improve compliance and increase velocity. In this talk, we'll look at one way you can move compliance controls directly into your development process. We'll explore InSpec, an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
Recording of the presentation - https://www.youtube.com/watch?v=RaeN7w8rQAI