ARTICLES ABOUT

Technology

Let’s talk about tech, baby. Geek out on all the latest trends, new tools and better practices that are helping shape the world of Continuous Compliance
How regulated teams can avoid the DevOps Lite trap with DevOps Change Management

How regulated teams can avoid the DevOps Lite trap with DevOps Change Management

DevOps is being adopted across regulated industries, but old ITIL approaches to change management still create unnecessary lead times and risks. Fortunately, you don’t have to fall into the DevOps Lite trap with 20th century change management.


How to secure your software supply chain with Artifact Binary Provenance

In Merkely, we use Artifact Binary Provenance as the foundation for our audit trails. Artifact Binary Provenance is a fancy term, but the idea behind it is really quite simple. All it means is that we can identify the software we have running in production.

8 reasons why we do ensemble programming

At Merkely we do as much of our work as possible in a group setting, especially (but not limited to) programming. In our experience most tech teams don’t do this and we think they’re missing out on all kinds of advantages that come from working as an ensemble.

What does it mean to deliver software with Continuous Compliance?

In this short video, Mike Long, our Co-founder and CEO, explains how teams delivering software in regulated industries can achieve CI/CD using CC = Continuous Compliance. If you deliver software in a regulated environment you’ll be familiar with change management processes.

How to automate a secure chain of custody across your pipelines in 5 steps

Imagine you’re a Fintech CTO 🤓 with several teams and tens of microservices. Do you know what’s currently running in prod? How about yesterday? A week ago? Last month? And if you do know what’s in prod, do you also know how it got there?

How To Release Compliant Software on Demand

In this blog we’ll explain how to automate the change and release compliance in a Secure Software Development Lifecycle. Merkely is new technology that enables teams in regulated industries, like fintech, to release compliant software on demand.

How to Ensure Software Provenance. Just like Google.

Google has always been a leader when it comes to security culture, and google’s approach to managing a secure development lifecycle is no exception. This article introduces Google’s Binary Authorization for Borg (BAB), and will show you how you can implement the same binary authorization system to ensure that production software and configuration deployed in your organization is properly reviewed and authorized.

Introducing Continuous Compliance with Merkely

In this article we introduce new technology that allows you to automate the change and release compliance in a Secure Software Development Lifecycle. It’s called Merkely, a DevOps Change Collaboration tool for teams in regulated industries.

Using Git for a compliance audit trail

Merkely is a DevOps change management platform for storing a record of compliance controls. It helps financial institutions, medical device manufacturers, automotive and other mission-critical development teams to prove conformance to their software process.