Keynote: Continuous Auditing with Compliance as Code - DevOpsDays Singapore 2017

Published on: Saturday, 18 November 2017

Speaker: Matt Ray

For too long audits and security reviews have been seen as resistant or even blocking the frequent release of software. Auditors require access to static systems and environments, which would seem to make continuous delivery impossible. Too frequently audits are a fire drill reaction to the current state and temporary fixes are put in place to appease the compliance audit without being integrated into future releases.

What if auditing, compliance and security could be fully integrated into continuous integration and continuous delivery pipelines? What if we automated our compliance policies so they could be “shifted left” as part of the application and infrastructure lifecycle? This session will discuss real-world examples of how to translate security and compliance requirements into software and make them a proactive part of the software-delivery process. We can decrease risk by defining compliance rules as code and making them a part of the standard continuous delivery workflow.

Why would this talk be a good fit for the DevOpsDays audience?
Incorporating compliance and audit checking into continuous integration pipelines allows teams to move faster and safer at the same time.

About the Speaker:

Matt Ray is the Manager and Solutions Architect for APJ for Chef. He is active in several open source communities and has worked in a wide variety of industries. He has been a contributor to the open source community for over two decades and has spoken at and helped organize many conferences. He currently resides in Sydney, Australia after relocating from Austin on behalf of Chef.

He podcasts at, blogs at and is @mattray on Twitter, IRC, GitHub and too many Slacks.

Event Page: