You did it! The new feature you’ve been implementing is now ready and you can’t wait to ship it.
“Not so fast”. Oh no, it’s them: the guardians of compliance! You know what’s about to happen. You’ve been there before.
- Are you using any license that is not approved?
- Is there any CVE reported for the new dependencies you added?
- Can you guarantee the artifact running in production has not been tampered with?
Several checklists, paperwork, and meetings later, you’re finally approved for release. Not fun. Where did the developer joy go?
In this session, Alexandra and Thomas explore how to break the compliance barriers for developers, even in highly regulated industries. The goal is to enhance the developer experience while letting the platform automate and enforce compliance and security checks.
You'll follow the mishaps of a developer and learn how to deal with compliance, using practical solutions based on OSS tools like Backstage, Dependency-Track, Sigstore and Buildpacks.