heygrc
Glossary

Compliance as code

Compliance as code is the practice of expressing and checking compliance obligations where the system actually lives, in the repository and the pipeline, rather than only in a policy document reviewed once a year. It borrows the move that worked for testing and infrastructure: take something manual and periodic and make it defined and continuous.

In code

In practice it means a control is named at a grain you can check ('a privileged role change must be logged'), the check runs on the pull request where changes happen, and a finding cites the specific control so an engineer can act on it.
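The three parts of that sentence, written out as a small check of the kind a pipeline would run on a pull request. This is an added example, not heygrc's own code or tooling: the configuration schema (`audit_logging`, `role_bindings`), the control identifiers (`CC-LOG-1`, `CC-IAM-2`), the set of roles treated as privileged, and the sample configuration are all assumptions made for the illustration. Each control is stated once, at a grain a program can test, and every finding names the control it violates and the location in the proposed configuration.

```python
"""Minimal compliance-as-code check (added example; not heygrc's code).

Each control is stated at a grain a program can test, the check runs over the
configuration a pull request proposes, and every finding cites the control it
violates. The schema, control IDs and role names below are assumptions.
"""
import json
import sys
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple


@dataclass(frozen=True)
class Finding:
    control_id: str   # which control the finding is about
    statement: str    # the control's plain-language obligation
    location: str     # where in the proposed configuration the problem is
    detail: str       # what was actually found there


@dataclass(frozen=True)
class Control:
    id: str
    statement: str
    # A check yields (location, detail) pairs; run_controls attaches the control.
    check: Callable[[dict], Iterable[Tuple[str, str]]]


# Assumed sets for this illustration; a real check would draw these from policy.
PRIVILEGED_ROLES = {"roles/owner", "roles/editor", "roles/iam.securityAdmin"}
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers", "*"}


def iam_writes_are_logged(cfg: dict) -> Iterable[Tuple[str, str]]:
    """CC-LOG-1, made concrete: audit logging is on and covers the IAM service,
    so any privileged role change lands in the log."""
    logging = cfg.get("audit_logging") or {}
    if not logging.get("enabled"):
        yield ("audit_logging.enabled", "audit logging is disabled")
    elif "iam" not in logging.get("services", []):
        yield ("audit_logging.services", "IAM is not among the audited services")


def privileged_roles_not_public(cfg: dict) -> Iterable[Tuple[str, str]]:
    """CC-IAM-2, made concrete: no privileged role bound to a public principal."""
    for i, binding in enumerate(cfg.get("role_bindings", [])):
        role, principal = binding.get("role"), binding.get("principal")
        if role in PRIVILEGED_ROLES and principal in PUBLIC_PRINCIPALS:
            yield (f"role_bindings[{i}]", f"{role} granted to {principal}")


CONTROLS = [
    Control("CC-LOG-1", "A privileged role change must be logged",
            iam_writes_are_logged),
    Control("CC-IAM-2", "A privileged role must not be granted to a public principal",
            privileged_roles_not_public),
]


def run_controls(cfg: dict, controls: List[Control] = CONTROLS) -> List[Finding]:
    """Run every control over the proposed configuration and collect findings."""
    findings = []
    for control in controls:
        for location, detail in control.check(cfg):
            findings.append(Finding(control.id, control.statement, location, detail))
    return findings


def format_finding(f: Finding) -> str:
    """The line an engineer sees on the pull request: control, where, what."""
    return f"[{f.control_id}] {f.statement} -- {f.location}: {f.detail}"


# Constructed sample of a proposed configuration (not real data): audit logging
# is on but does not cover IAM, and a public principal holds an editor role.
SAMPLE_CONFIG = {
    "audit_logging": {"enabled": True, "services": ["storage"]},
    "role_bindings": [
        {"principal": "group:platform-admins@example.com", "role": "roles/owner"},
        {"principal": "allUsers", "role": "roles/editor"},
        {"principal": "allUsers", "role": "roles/viewer"},
    ],
}


def main(argv: List[str]) -> int:
    """Usage: python compliance_check.py [proposed-config.json]
    Without an argument the embedded sample is checked."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            cfg = json.load(fh)
    else:
        cfg = SAMPLE_CONFIG
    findings = run_controls(cfg)
    for f in findings:
        print(format_finding(f))
    # A non-zero exit fails the pipeline step, which is what stops the merge.
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against the sample it reports two findings, one per control, each naming the control and the exact location; run against a configuration that audits IAM and binds privileged roles only to named groups it reports nothing and exits 0. The point of the shape is that the control text lives beside the check that enforces it, so a finding on a pull request reads as "this control, this line", not as a generic lint error.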