Integrating the necessary security controls and audit capabilities to satisfy compliance requirements within a DevOps culture can capitalize on CI/CD pipeline automation, but presents unique challenges as an organization scales. Understanding the second order implications and unintended consequences caused by the chosen implementation is key to building an effective, secure, and scalable solution. My colleague Carl Nygard describes how to think of these choices through a series of four patterns for handling compliance.

more…