Add Continuous Compliance to Your CI CD Pipelines

2020 | 29 pages | 879.47 KB

November 4, 2019.



Overview

Software development teams have long been able to take advantage of unit, integration, and functional testing as an integral part of a robust, test- and behavior-driven development environment. Infrastructure as Code (IaC) provides new capabilities for DevOps teams to utilize new frameworks to build ephemeral environments with integrated compliance testing before, during, and after deployment.
Problem Statement

"I need to ensure compliance in my cloud environments."
Actively Monitoring Environments

Provider solutions (AWS):
- AWS Config: cost structure, near real time, 100% customizable
- AWS Inspector: access to EC2 instances, software vulnerabilities
- AWS Trusted Advisor

Provider solutions (Azure):
- Azure Advisor: cost, security, and configuration optimization

External monitoring:
- CloudCheckr
- Prisma Cloud
- DivvyCloud
- Qualys
- Rapid7
Problem solved... ish

- Tools are validating the configuration
- Monitoring of active environments
- Vulnerabilities are found
- Tickets for the backlog

Environments:
- Prioritized based on risk
- More often than not, left exposed for a period of time
Refined Problem

"I need to ensure compliance in my cloud environments before they are created."
Test Driven Development (TDD)

1. Add a test.
2. Run the test to see the test fail.
3. Write code to satisfy the conditions of the test.
4. Run the test to see the test pass.
5. Repeat as necessary.

Test Driven Infrastructure

If your infrastructure is in code, why is development of your IaC environments any different than the process developers use to write applications?
Infrastructure as Code Toolbox

Kitchen (https://kitchen.ci): Kitchen provides a test harness to execute infrastructure code on one or more platforms in isolation.

LocalStack (https://localstack.cloud): LocalStack provides a test framework on your local machine, providing the same functionality and APIs as the real AWS cloud environment.

Clever thinking: Start with the mentality that tests are required. Utilize orchestration like Jenkins or CircleCI to build private ephemeral environments to test and validate changes.
Let's walk through an example.
Amazon Machine Image Example

AMI build process:
- ChefSpec unit tests
- Kitchen for integration and functional testing
- Jenkins pipeline

Amazon Machine Image Example: Components of the Example

- Chef cookbook cis-mitigation
  - ChefSpec unit testing
  - Kitchen configuration
- Packer machine definition
- Chef cookbook ami-builder
  - ChefSpec unit testing
  - Kitchen configuration
WAIT! We don't use Chef, we use [insert name of tool].
ChefSpec Example: Chef Cookbook cis-mitigation

ChefSpec tests
Kitchen Example: Chef Cookbook cis-mitigation

kitchen.yml:

    driver:
      name: ec2
      aws_ssh_key_id: chef-test-kitchen-20191020
      security_group_ids:
        - sg-asdf1234
      region: us-west-2
      subnet_id: subnet-1234asdf
      associate_public_ip: false
      interface: private
      tags:
        Name: test-kitchen-cis-mitigation
        Owner: DevOps Group

    provisioner:
      name: chef_zero

    transport:
      ssh_key: ~/.ssh/chef-test-kitchen-20191020
      connection_timeout: 10
      connection_retries: 5

    platforms:
      - name: ubuntu-18.04
        transport:
          username: ubuntu
        driver:
          image_search:
            owner-id: "099720109477"
            name: "*ubuntu-bionic-18.04-amd64-server*"
          block_device_mappings:
            - device_name: /dev/sda1
              ebs:
                volume_type: gp2
                volume_size: 20
                delete_on_termination: true

    suites:
      - name: default
        provisioner:
          policyfile: policyfiles/kitchen.rb
        verifier:
          name: inspec
Kitchen Example: Chef Cookbook cis-mitigation

Kitchen commands:

kitchen list
    Lists all of the test suites available for each platform.

kitchen create
    Creates the test instance using the kitchen driver.
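The kitchen.yml above creates real EC2 instances, so the deck's own settings (private interface, no public IP, Name and Owner tags, InSpec verifier, root volume deleted on termination) are themselves compliance requirements worth gating in the pipeline before `kitchen create` runs. As an added example that is not from the deck, here is a stdlib-only Ruby check that evaluates those settings for every suite/platform pair; the sample kitchen.yml it parses is constructed (with a deliberately non-compliant second suite), and the shallow merge used to approximate Kitchen's top-level/platform/suite precedence is an assumption.

```ruby
require "yaml"
# Constructed sample kitchen.yml modelled on the deck's cis-mitigation config;
# the "exposed" suite is deliberately non-compliant so the gate has work to do.
SAMPLE_KITCHEN_YML = <<~YAML
  driver:
    name: ec2
    region: us-west-2
    subnet_id: subnet-1234asdf
    associate_public_ip: false
    interface: private
    tags:
      Name: test-kitchen-cis-mitigation
      Owner: DevOps Group
  verifier:
    name: inspec
  platforms:
    - name: ubuntu-18.04
      driver:
        block_device_mappings:
          - device_name: /dev/sda1
            ebs: { volume_type: gp2, volume_size: 20, delete_on_termination: true }
  suites:
    - name: default
    - name: exposed
      driver: { associate_public_ip: true, interface: public }
      verifier: { name: busser }
YAML
# Assumption: a shallow merge approximates Kitchen's top-level < platform < suite precedence.
def effective(cfg, suite, platform, key)
  (cfg[key] || {}).merge(platform[key] || {}).merge(suite[key] || {})
end
# Evaluate every suite/platform pair; returns findings, an empty array means it passes.
def kitchen_findings(yaml_text)
  cfg = YAML.safe_load(yaml_text)
  findings = []
  (cfg["suites"] || []).product(cfg["platforms"] || []).each do |suite, platform|
    id = "#{suite['name']}-#{platform['name']}"
    drv = effective(cfg, suite, platform, "driver")
    ver = effective(cfg, suite, platform, "verifier")
    findings << "#{id}: test instance would get a public IP" if drv["associate_public_ip"]
    findings << "#{id}: SSH not confined to the private interface" unless drv["interface"] == "private"
    %w[Name Owner].each { |t| findings << "#{id}: missing #{t} tag" unless (drv["tags"] || {})[t] }
    findings << "#{id}: verifier is not inspec" unless ver["name"] == "inspec"
    (drv["block_device_mappings"] || []).each do |m|
      findings << "#{id}: #{m['device_name']} volume outlives the instance" unless (m["ebs"] || {})["delete_on_termination"]
    end
  end
  findings
end
```

Run it as a pipeline stage ahead of `kitchen create` and fail the build when `kitchen_findings` returns anything; for the constructed sample it reports three findings, all against the "exposed" suite.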