Add FIPS 140-3, config provenance, and drift detection#7
Merged
Conversation
Landing page: - Add FIPS 140-3 Ready, Bot Detection, and Config Provenance feature cards (12 → 15, 5 clean rows) - Add artifact provenance and drift detection to control plane bullets - Add dedicated admin API to data plane bullets - Update TLS bullet to mention FIPS 140-3 Blog: - Split compliance article into two parts for readability - Part 1: artifact provenance, drift detection, access controls, OPA logs - Part 2: schema validation, secrets, FIPS 140-3, GitOps, framework mapping - Add FedRAMP SC-13, CMMC L3 SC.3.177, PCI DSS Req. 3 to compliance mapping table - Fix duplicate YAML path key in OpenAPI example
ndreno
added
documentation
bbe64
reviewed
Mar 5, 2026
Co-authored-by: Baptiste Be <72380093+bbe64@users.noreply.github.com>
Co-authored-by: Baptiste Be <72380093+bbe64@users.noreply.github.com>
Co-authored-by: Baptiste Be <72380093+bbe64@users.noreply.github.com>
Co-authored-by: Baptiste Be <72380093+bbe64@users.noreply.github.com>
Co-authored-by: Baptiste Be <72380093+bbe64@users.noreply.github.com>
Co-authored-by: Baptiste Be <72380093+bbe64@users.noreply.github.com>
Co-authored-by: Baptiste Be <72380093+bbe64@users.noreply.github.com>
bbe64
reviewed
Mar 7, 2026
| --- | ||
| title: "Compliance by design, part 1: how Barbacane becomes your API audit trail" | ||
| description: "Auditors don't just ask whether you have security controls. They ask how you can prove those controls were actually enforced. Explore how Barbacane's compiled approach turns your API gateway into a verifiable compliance artifact." | ||
| publishDate: 2026-02-18 |
Contributor
There was a problem hiding this comment.
Suggested change
| publishDate: 2026-02-18 | |
| publishDate: 2026-03-07 |
bbe64
reviewed
Mar 7, 2026
| --- | ||
| title: "Compliance by design, part 2: the compliance controls" | ||
| description: "From schema validation and secrets management to FIPS 140-3 cryptography and GitOps workflows — the specific controls Barbacane provides for SOC 2, PCI DSS, HIPAA, FedRAMP, and beyond." | ||
| publishDate: 2026-03-05 |
Contributor
There was a problem hiding this comment.
Suggested change
| publishDate: 2026-03-05 | |
| publishDate: 2026-03-07 |
bbe64
approved these changes
Mar 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Sources: PR #40 in Barbacane (FIPS guide), CHANGELOG [Unreleased] section (provenance, drift detection, admin API).
Test plan