DevSecOps Delight with Compliance as Code

For too long audits and security reviews have been seen as resistant or even blocking the frequent release of software. Auditors require access to static systems and environments, which would seem to make continuous delivery impossible. Too frequently audits are a fire drill sampling of the current state and temporary fixes are put in place to appease the compliance audit without being integrated into future releases.

What if auditing, compliance, and security could be fully integrated into continuous integration and continuous delivery pipelines? What if we automated our compliance policies so they could be “shifted left” as part of the application and infrastructure lifecycle? This session will discuss real-world examples of how to translate security and compliance requirements into software and make them a proactive part of the software-delivery process. We can decrease risk by defining compliance rules as code and making them a part of the standard continuous delivery workflow.

This talk will provide an overview of the open-source InSpec project ( and how you can build “Compliance as Code” into your pipelines.



Anthony Rees


Anthony is a member of the Chef Solutions Architecture Team helping organisations with the journey to continuous automation and is based in Melbourne, Australia with a strong background in agile application development. He has always been an active open source community member and advocate, including OpenStack since the Grizzly days, CloudFoundry from pre-v1.0 and Docker for a few years now.

Anthony has a keen interest and vast experience in Continuous Delivery working with many teams around the world to implement Test Driven Development techniques, Feature Toggling best practices, late binding Platform-as-a-Service designs, Build Automation and leveraging DevOPS methodologies on both OpenStack and Public Cloud environments.

He is a regular speaker at development conferences and hackathons around the world. You can follow him on Twitter @anthonyrees or watch his previous presentations on YouTube.