|Discuss topics related to compliance. See also <#CBXSAR45B
@jonjitsu has joined the channel
Anyone have recomendations on tooling for Compliance as Code? I used chef inspec like 5 years ago to implement controls for AWS accounts. It was quite nice for being “compliance” oriented and using a real programming language. I’m not sure of the future of inspec along with it’s licensing change, is there something else comparable. Has compliance as code progressed at all? What resources can I consume to get ramped up on the current state of affairs. Everything I’ve found so far makes me think the whole movement died 2 years ago.
AWS has its own solution: security hub and AWS config. The “real language” part is more about implementation. There’s also a huge movement to shift this left, at the IaC layer with tools like checkov
@Shreyas has joined the channel