Has anyone here got advice on using Maven to help provide evidence of ISO 27001 implementation?
We're preparing to get audited and the standard asks for us to provide evidence of secure development. I wondered if anyone had any specific advice on techniques or particular tasks that helps provide routine evidence that contributes to ISO 27001 implementation compliance. This is very likely pertinent to our CI server (Jenkins) too I'm sure. I imagine as the industry matures and companies start demanding evidence of compliance this will become a matter perhaps for formal documentation for developers using the tools. James
