Skip to content

Policy Pipeline : place an SDLC around your compliance documentation with a pipeline that renders policy-as-code to human friendly formats

Notifications You must be signed in to change notification settings

gjyoung1974/policy-pipeline

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Documentation Pipeline

TODO: upgrade to latest Debian

Based on StrongDM Comply

A build pipeline that renders "policy-as-code" to "human friendly" artifacts: word processor docs, web files, EReader, PDF etc.

Value added:

  1. Enable enforcement of documentation change control via git/github workflow.
  2. Enforce documentation template style consistency.
  3. Include documentation TDD quality gates.
  4. Automate branching, tagging, version control, and archiving for policy documents!

To use this:
use the Dockerfile in the build/app directory to automate rendering of final artifacts
via github commit webhook trigger.

To render locally, do something like:

A. fork a documents templates repo to your GH Account:
soc2-policy-templates

B. clone it locally

cd ~
git clone https://github.com/gjyoung1974/soc2-policy-templates.git

C. make required edits to the Markdown code & then run docker

docker run --env gh_token=${GITHUB_TOKEN} --env gh_user=${GITHUB_USER} --env gh_email=${GITHUB_EMAIL} \
    --env gh_repo="soc2-policy-templates" -v ~/soc2-policy-templates:/source gyoung/comply:latest

D. Ultimately use a build system like CircleCI. Include a config.yml similar to the following in your templates repository:

version: 2
executorType: machine
jobs:
  build:
    working_directory: ~/source
    docker:
    machine:
      image: circleci/classic:edge
    steps:
      - checkout
      - run: docker run --env gh_token=${GITHUB_TOKEN} --env gh_user=${GITHUB_USER} --env gh_email=${GITHUB_EMAIL} --env gh_repo=${GITHUB_REPO} ${COMPLY_APP_IMAGE}

2018 [email protected]

About

Policy Pipeline : place an SDLC around your compliance documentation with a pipeline that renders policy-as-code to human friendly formats

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published