Framework for automating compliance verification in CI/CD pipelines
Keywords:
Compliance Automation, Continuous Integration, Continuous Delivery, Policy-as-Code, Regulatory Compliance
Abstract
Data privacy regulations such as GDPR, HIPAA, and CCPA make regulatory compliance during software development a critical but difficult task. Manual compliance verification introduces delays and inefficiencies, is prone to human error, and slows development cycles. To address this, this paper proposes a framework for automating compliance verification within Continuous Integration/Continuous Delivery (CI/CD) pipelines. Using Open Policy Agent (OPA) for policy-as-code evaluation, OWASP ZAP for dynamic application security testing, and Terraform for infrastructure as code, the framework runs compliance checks on every pipeline execution rather than as a separate manual step. This approach applies the encoded policies consistently, reduces reliance on manual review, and accelerates software delivery. The framework shows how automation can minimize compliance bottlenecks, improve security, and raise the overall efficiency of modern software development pipelines.
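As an added illustration of the policy-as-code gate the abstract describes (this is example code written for this page, not code from the paper or its authors), the block below evaluates a Terraform plan against a small set of compliance rules and returns the violations, the same job an OPA/Rego policy would do when `terraform show -json plan.out` is piped into `opa eval` in a CI step. The rules are implemented in plain Python so the example runs stand-alone; the plan document, the resource attributes it inspects (`storage_encrypted`, `publicly_accessible`, `availability_zone`, `tags`) and the EU-only residency policy are constructed for the example and are assumptions, not the paper's rule set.

```python
"""Policy-as-code gate over a Terraform plan (added example, not the paper's code).

Mimics what a Rego policy fed with `terraform show -json` would check, but in
plain Python so it runs offline. Exit status 1 fails the CI job on any violation.
"""
import json
import sys

# Hypothetical data-residency policy: personal data may only live in these regions.
ALLOWED_REGIONS = {"eu-west-1", "eu-central-1"}

# Constructed plan in the shape of `terraform show -json`, trimmed to the fields read here.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {   # personal data outside the EU, unencrypted and publicly reachable: 3 violations
            "address": "aws_db_instance.customers",
            "type": "aws_db_instance",
            "change": {"actions": ["create"], "after": {
                "identifier": "customers",
                "availability_zone": "us-east-1a",
                "storage_encrypted": False,
                "publicly_accessible": True,
                "tags": {"data_classification": "personal"},
            }},
        },
        {   # compliant instance
            "address": "aws_db_instance.analytics",
            "type": "aws_db_instance",
            "change": {"actions": ["update"], "after": {
                "identifier": "analytics",
                "availability_zone": "eu-west-1b",
                "storage_encrypted": True,
                "publicly_accessible": False,
                "tags": {"data_classification": "personal"},
            }},
        },
        {   # being destroyed: `after` is null and must not crash the gate
            "address": "aws_db_instance.legacy",
            "type": "aws_db_instance",
            "change": {"actions": ["delete"], "after": None},
        },
    ],
})


def region_of(availability_zone):
    """'eu-west-1b' -> 'eu-west-1' (an AWS AZ is the region name plus one letter)."""
    return availability_zone[:-1]


def rule_encrypted_at_rest(res_type, after):
    if res_type == "aws_db_instance" and after.get("storage_encrypted") is not True:
        return "storage_encrypted must be true"
    return None


def rule_not_public(res_type, after):
    if res_type == "aws_db_instance" and after.get("publicly_accessible") is True:
        return "publicly_accessible must be false"
    return None


def rule_data_residency(res_type, after):
    tags = after.get("tags") or {}
    az = after.get("availability_zone")
    if tags.get("data_classification") == "personal" and az and region_of(az) not in ALLOWED_REGIONS:
        return f"personal data must stay in {sorted(ALLOWED_REGIONS)}, got {region_of(az)}"
    return None


RULES = [rule_encrypted_at_rest, rule_not_public, rule_data_residency]


def evaluate_plan(plan_json):
    """Return 'address: reason' strings for every planned resource that breaks a rule."""
    plan = json.loads(plan_json)
    violations = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if after is None or change.get("actions") == ["delete"]:
            continue  # nothing exists after apply, so there is nothing to check
        for rule in RULES:
            reason = rule(rc["type"], after)
            if reason:
                violations.append(f"{rc['address']}: {reason}")
    return violations


def main(argv):
    # Usage: python gate.py plan.json   (falls back to the constructed sample plan)
    plan_json = open(argv[1]).read() if len(argv) > 1 else SAMPLE_PLAN
    violations = evaluate_plan(plan_json)
    for v in violations:
        print("DENY", v)
    print("compliant" if not violations else f"{len(violations)} violation(s)")
    return 1 if violations else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the three denials for `aws_db_instance.customers`, or pass the path of a real `terraform show -json` output; a non-zero exit is what makes the CI stage fail. Two points carry over to a real OPA deployment: skip resources whose `after` state is null (destroys), or the policy will raise on missing attributes, and remember that a gate like this only enforces the rules someone has encoded; deciding which regulatory clauses map to which attributes is still a human compliance task.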
License
Copyright (c) 2024 Akshay Nagpal, Balakrishna Pothineni, Ashok Gadi Parthi, Durgaraman Maruthavanan, Amey Ram Banarse, Prema kumar Veerapaneni, Srivenkateswara Reddy Sankiti, Vivekananda Jayaram
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.