Chef has spent a lot of time bringing security and compliance into the software development lifecycle (SDLM). They have several solutions both open source and commercial which can help with your DevSecOps practice. I had a chance to sit down with Dan Hauenstein and Dominick Richter. Dominick is one of the founding members of dev-sec.io and co-creator of Chef Compliance.