Uh oh, it’s time for a compliance audit! You know the drill: keep the auditor on the east side of the building, make sure you only answer the questions that are asked, and remember, this only happens twice a year.

Everyone wants to move faster and ship updates with higher velocity. Regulatory burdens and compliance can add extra drag on the system. Controls that live in notebooks, spreadsheets, and PDF files are difficult to verify. Scanning the production systems for compliance means you find violations when it’s too late and when they’re most expensive to fix. Compliance must be managed as code and must be part of your everyday development process if you’d like to improve compliance and increase velocity. 

In this talk, we’ll look at one way you can move compliance controls directly into your development process. We’ll explore InSpec, an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.

Nathen Harvey (@nathenharvey), VP of Community Development at Chef, helps the community whip up an awesome ecosystem built around the Chef platform. Nathen also helps people learn about the practices, processes, and technologies that support DevOps, continuous delivery, and high-velocity organizations. Nathen is a co-host of the Food Fight Show, a podcast about Chef and DevOps. He is also an occasional farmer who loves eggs and #hugops.