Automated Governance

The TAG has advanced secure software practices with the Secure Software Factory Reference Architecture Paper. Building on this, the new initiative will provide guidelines for automated governance in cloud-native environments, focusing on integrating security, compliance, and auditability into CI/CD pipelines to automate and operationalize governance and compliance practices.

Goals

• Provide guidelines and best practices for implementing automated governance processes in cloud native environments.
• Integrate security, compliance, and auditability into CI/CD pipelines.
• Streamline compliance processes and enhance the overall security posture of cloud native applications.

Scope

The scope of this project includes:

• Research and analysis of current automated governance practices.
• Development of a comprehensive reference architecture.
• Creation of best practice guidelines and documentation.
• Potential development of tooling or integration patterns for common CI/CD platforms.

Meeting Information

• Meeting: Every 2 weeks on Tuesday at 2:00 PM Pacific Time (US and Canada) ( Calendar Invite )
• Meeting Notes: Google Docs

Contact

• Lead: Andrés Vega, Brandt Keller
• Slack Channel: Link