The code in this repository supports the examples outlined in the Citihub Whitepaper "Continuous Compliance as Code in the Cloud", available at https://www.citihub.com/insights/whitepapers/continuous-compliance-as-code-in-the-cloud-citihub-consulting/.
In this repository, we showcase some examples of an approach to compliance that we have found to be successful, namely we:
- Define an abstracted set of common control objectives that can be traced back to an origin (a regulation or industry benchmark)
- Express the control requirements that implement these objectives as Behaviour Driven Development (BDD) feature specs written in the Gherkin DSL
- Using Terraform, deploy a clean-room infrastructure in which to test the controls
- Test the implementation of the BDD features with Cucumber, specifically the Godog framework (the Cucumber implementation for Go)
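The following is an added example of what the last three steps look like end to end; it is not code from this repository or the whitepaper. To keep it runnable offline it uses a minimal hand-rolled Gherkin runner in place of Godog (the regex-to-function step pattern is the same one Godog step definitions use, but the `github.com/cucumber/godog` module is not imported). The bucket names, their encryption state (standing in for what a cloud SDK would read back from the Terraform-built clean-room environment), and the control reference `CCO-01` are all constructed placeholders, not real resources or benchmark identifiers.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// bucketState is a constructed stand-in for the state a cloud SDK would read back
// from the Terraform-built clean-room environment; names and values are made up.
var bucketState = map[string]struct{ SSE bool }{
	"audit-logs": {SSE: true},
	"scratch":    {SSE: false},
}

// featureText is a constructed Gherkin feature; "CCO-01" is a placeholder control
// reference, not an identifier from any real benchmark or regulation.
const featureText = `Feature: Object storage is encrypted at rest
  Control objective CCO-01 (placeholder): data at rest must be encrypted.
  Scenario: Bucket with server-side encryption passes
    Given a bucket named "audit-logs"
    When I inspect its encryption configuration
    Then server-side encryption should be "enabled"
  Scenario: Bucket without server-side encryption fails
    Given a bucket named "scratch"
    When I inspect its encryption configuration
    Then server-side encryption should be "enabled"`

// scenarioCtx carries state between the steps of one scenario (the role of godog's scenario context).
type scenarioCtx struct{ bucket, sse string }

// step pairs a regex, written as a godog step pattern would be, with its implementation.
type step struct {
	re *regexp.Regexp
	fn func(c *scenarioCtx, args []string) error
}

var steps = []step{
	{regexp.MustCompile(`^a bucket named "([^"]+)"$`), func(c *scenarioCtx, a []string) error {
		// A missing resource must fail loudly rather than let the control pass by default.
		if _, ok := bucketState[a[0]]; !ok {
			return fmt.Errorf("bucket %q not found in environment", a[0])
		}
		c.bucket = a[0]
		return nil
	}},
	{regexp.MustCompile(`^I inspect its encryption configuration$`), func(c *scenarioCtx, _ []string) error {
		c.sse = "disabled"
		if bucketState[c.bucket].SSE {
			c.sse = "enabled"
		}
		return nil
	}},
	{regexp.MustCompile(`^server-side encryption should be "([^"]+)"$`), func(c *scenarioCtx, a []string) error {
		if c.sse != a[0] {
			return fmt.Errorf("bucket %q: want server-side encryption %s, got %s", c.bucket, a[0], c.sse)
		}
		return nil
	}},
}

// Result is the outcome of one scenario; a nil Err means the control held.
type Result struct {
	Scenario string
	Err      error
}

// stepLine matches a Gherkin step line and captures its text without the keyword.
var stepLine = regexp.MustCompile(`^(?:Given|When|Then|And) (.+)$`)

// runStep runs the first registered pattern matching the step text; an unmatched
// step is an error, as it is in Cucumber.
func runStep(c *scenarioCtx, text string) error {
	for _, s := range steps {
		if m := s.re.FindStringSubmatch(text); m != nil {
			return s.fn(c, m[1:])
		}
	}
	return fmt.Errorf("undefined step: %q", text)
}

// RunFeature walks the feature line by line, starts a fresh context at each "Scenario:"
// and runs its steps until the first failure; feature title and description lines are ignored.
func RunFeature(text string) []Result {
	var results []Result
	var c *scenarioCtx
	for _, raw := range strings.Split(text, "\n") {
		line := strings.TrimSpace(raw)
		if strings.HasPrefix(line, "Scenario:") {
			results = append(results, Result{Scenario: strings.TrimSpace(line[len("Scenario:"):])})
			c = &scenarioCtx{}
			continue
		}
		m := stepLine.FindStringSubmatch(line)
		if c == nil || m == nil {
			continue
		}
		if cur := &results[len(results)-1]; cur.Err == nil {
			cur.Err = runStep(c, m[1])
		}
	}
	return results
}
```

Running `RunFeature(featureText)` yields one passing and one failing scenario: the unencrypted `scratch` bucket fails the `Then` step with a message naming the bucket, which is the signal a continuous-compliance pipeline would surface. In a real Godog suite the same step bodies would be registered with `ScenarioContext.Step` and the "inspect" step would call the cloud provider's SDK against the Terraform-deployed resources instead of the constructed map.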
More implementation details can be found here.
For more detail and more examples, or if you have questions, please get in touch.