The automated validation of compliance in CI/CD pipelines has been identified as an essential feature of financial service providers that conduct their operations in highly regulated sectors. This paper focuses on the implementation of automated compliance controls on CI/CD pipelines and their capability to maintain regulatory compliance, security provision, and operational effectiveness. The research is based on an explanatory research design in which the explanatory analysis of the information was made using the secondary literature, industry reports, and the case studies on the Capital One, ING, and HSBC. The results have shown that policy-as-code, DevSecOps practice and automatic audit control greatly mitigate compliance threats and delays to deployment. The research makes the conclusion that scalable, continuous compliance within the financial institution cannot be achieved without the mature CI/CD adoption.
Chawla et al. (Mon,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: