2nd chunk of `content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md`
[![](https://2.bp.blogspot.com/-TDD4slMA7gg/WfzDeKVLr2I/AAAAAAAAAGw/dhfWOrCMdmogSNhGr5RrA2ovr02K5nn8ACK4BGAYYCw/s400/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.13%2BPM.png)](https://2.bp.blogspot.com/-TDD4slMA7gg/WfzDeKVLr2I/AAAAAAAAAGw/dhfWOrCMdmogSNhGr5RrA2ovr02K5nn8ACK4BGAYYCw/s1600/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.13%2BPM.png)


## Example application: PaymentProcessor

Let’s consider a simple application, _PaymentProcessor_, that retrieves, processes and updates payment information stored in a database. The application is built from two containers: a standard Ruby base container and a container that carries the custom application logic.


Because the application handles sensitive payment data, the developers and the DevOps team need assurance that the code meets specific security and compliance requirements, backed by detailed records of where each component came from and how it was built. The CI/CD pipeline already has stages that validate the quality of a PaymentProcessor release (for example, tests, vulnerability scans and build attestations), but the results are scattered across those stages, and there is no single place to view or manage them:


![](https://1.bp.blogspot.com/-WeI6zpGd42A/WfzDkkIonFI/AAAAAAAAAG4/wKUaNaXYvaQ-an9p4_9T9J3EQB_zHkRXwCK4BGAYYCw/s1600/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.23%2BPM.png)
