#compliance (2023-07)
| Discuss topics related to compliance. See also <#CBXSAR45B | security>. |
2023-07-22
@jonjitsu has joined the channel
Anyone have recomendations on tooling for Compliance as Code? I used chef inspec like 5 years ago to implement controls for AWS accounts. It was quite nice for being “compliance” oriented and using a real programming language. I’m not sure of the future of inspec along with it’s licensing change, is there something else comparable. Has compliance as code progressed at all? What resources can I consume to get ramped up on the current state of affairs. Everything I’ve found so far makes me think the whole movement died 2 years ago.
AWS has its own solution: security hub and AWS config. The “real language” part is more about implementation. There’s also a huge movement to shift this left, at the IaC layer with tools like checkov
I can highly recommend Vanta.com it’s a YC founded company. We been using for close to a year. Took us only 3 months to get ISO27001 certified.
The two tools that keep coming up in our talks with customers are Vanta and Wiz.io
2023-07-24
2023-07-25
@Shreyas has joined the channel