
Compliance and Security

Chapter in: DevSecOps for .NET Core

Abstract

A typical DevOps pipeline finishes as soon as the package has been deployed to a secure environment. DevSecOps introduces extra steps to your pipeline to verify and support the compliance of your product in international markets. Compliance involves more than just licensing. International markets introduce their own set of legal requirements for a solution provider. European countries, for example, have GDPR (the General Data Protection Regulation). This requires solution vendors and ISVs to apply a set of rules across their organization (changes such as appointing a Data Protection Officer) as well as within the solution itself (such as obtaining user “consent” for data collection and applying a data removal policy). This compliance rule applies not only to solutions used from within Europe, but also to solutions that provide services to Europeans, even from outside Europe.


Notes

  1. Learn more about open source licenses at https://opensource.org/licenses.

  2. For marketing experts and optimization teams, the concept of funnels is familiar. You need to understand how an action is performed by a user, or what led them to take a certain action. For a postmortem expert or an SRE, it is also important to know the side effects an action had on the system in terms of security, privacy, and resilience.

  3. At one organization (where I have collaborated for several training sessions), one of the engineers modified one of the API keys for advertisement banners in their applications. They had around 10,000 active members per month. Their marketing team was able to detect the decrease in weekly earnings, but they did not realize the problem was with the update made in their build pipeline. The analysis of the application showed the ads being rendered, but the earnings were being forwarded to another account (which they learned about later). Now they have an audit system with a custom-built credential management store. Oh, that engineer got fired for not playing fair and faced legal action.

  4. Read this article to learn more about this approach in Entity Framework Core: https://www.entityframeworktutorial.net/faq/set-created-and-modified-date-in-efcore.aspx.

  5. Kryptowire is one such solution that can test your Android app against known vulnerabilities and malware. It can help you determine whether your application complies with international regulations.

  6. Get the guide at https://itrevolution.com/devops-audit-defense-toolkit/. You can also learn good practices for DevOps and auditing on the website, which lists current events and seminars as well.

  7. Check out a review of the initial draft of this guide at https://www.csoonline.com/article/2365915/defending-devops.html.

  8. You can rewrite or remove commits in a Git repository, but this comes at the cost of losing history. If you delete a commit and force it to be removed from the history, you also lose any related work that others have built on top of it. This is one of the reasons branches are locked with protection rules that prevent such actions.

  9. DevOps recommends against stand-up meetings and daily reports. Instead, it recommends asynchronous communication: “work done” over “tasks created.” The term “room” is meant in the sense of a digital room, like a chat room. DevOps tools offer this functionality as part of the subscription.


Copyright information

© 2020 Afzaal Ahmad Zeeshan

About this chapter


Cite this chapter

Zeeshan, A.A. (2020). Compliance and Security. In: DevSecOps for .NET Core. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-5850-7_7
