The concept of DevSecOps has introduced an array of changes to our traditional operations. One of the major changes was the move away from relying on tools towards learning to write our own ‘code’. Of the many things required for an application or an environment to be production-ready, compliance is fundamental, and we ought to look at ‘Compliance as Code’.
‘Compliance as Code’ can be defined as writing scripts or code to automate the process of auditing infrastructure for security compliance and ensuring that the security baseline standards are met in every release. With the increasing adoption of DevSecOps, ‘Compliance as Code’ has become an essential component of modern CI/CD pipelines for validating the compliance of the DevOps infrastructure.
Speaking of DevOps, here is our blog post on achieving DevSecOps using open source tools: https://notsosecure.com/achieving-devsecops-with-open-source-tools/
In this blog post, Jovin Lobo will introduce Chef InSpec, an open source framework for testing and auditing infrastructure and applications.
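To make the definition concrete, here is an added example (not the blog's InSpec profile and not Chef's code) that audits a Redis configuration in plain Ruby and yields a status a pipeline stage can gate on. The control names, the four baseline rules and the sample configuration are assumptions chosen for illustration.

```ruby
# Added example in plain Ruby (not InSpec DSL). Control IDs and the baseline
# rules are illustrative assumptions, not taken from the blog's profile.

# Constructed sample redis.conf content.
SAMPLE_CONF = <<~CONF
  # constructed sample, not from a real host
  bind 0.0.0.0
  protected-mode no
  port 6379
  rename-command CONFIG ""
CONF

# Parse redis.conf text into { directive => [argument strings] }.
# Directives such as rename-command can repeat, so values are kept in arrays.
def parse_redis_conf(text)
  text.each_line.with_object({}) do |line, conf|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    (conf[key.downcase] ||= []) << value.to_s
  end
end

# Each control maps a name to a predicate that is true when the config complies.
CONTROLS = {
  'redis-01 bind limited to loopback' => lambda { |c|
    addrs = c.fetch('bind', []).flat_map(&:split)
    # No bind directive means all interfaces; a leading "-" marks an optional address.
    !addrs.empty? && addrs.all? { |a| %w[127.0.0.1 ::1].include?(a.delete_prefix('-')) }
  },
  # protected-mode defaults to yes when the directive is absent.
  'redis-02 protected-mode enabled' => ->(c) { c.fetch('protected-mode', ['yes']).last == 'yes' },
  'redis-03 requirepass set' => ->(c) { !c.fetch('requirepass', ['']).last.empty? },
  'redis-04 CONFIG renamed or disabled' => lambda { |c|
    c.fetch('rename-command', []).any? { |v| v.split.first.to_s.casecmp?('CONFIG') }
  }
}.freeze

# Names of the failed controls; an empty list means the config is compliant.
def audit(conf_text)
  conf = parse_redis_conf(conf_text)
  CONTROLS.reject { |_name, check| check.call(conf) }.keys
end

# Status a CI/CD stage would exit with: non-zero blocks the release.
def exit_status(conf_text)
  audit(conf_text).empty? ? 0 : 1
end

audit(SAMPLE_CONF).each { |name| puts "FAIL #{name}" }
```

In a pipeline, a wrapper would pass the deployed `redis.conf` contents to `exit_status` and exit with the returned value.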
For the purpose of this blog, compliance checks will be performed on a Redis server using Chef InSpec scripts. The blog will walk you through the process of constructing a Redis InSpec profile using the