
From Policy to Production: Implementing ISO27001/BSI IT-Grundschutz in Kubernetes with GitOps

How do you bridge the gap between strict compliance requirements (like Germany’s BSI IT-Grundschutz/ISO27001) and dynamic Kubernetes environments? Using a real-world case study from the Hamburg Port Authority (HPA), this lightning talk demonstrates how GitOps and open-source tools can automate compliance for critical security controls—without sacrificing agility.

We’ll spotlight two key IT-Grundschutz/ISO27001 building blocks and their GitOps-powered implementations:
- APP.4.4.A2 (CI/CD Automation): Secure, scalable setup via templating/Kyverno/ArgoCD.
- APP.4.4.A13 (Automated Configuration Auditing): Continuous compliance checks via tools like Trivy, Kyverno and ArgoCD through GitOps workflows.

Why this talk?
Most compliance discussions focus on what to secure—this talk shows how to do it scalably with GitOps, using a high-stakes public-sector example. Attendees will leave with a blueprint to turn audit checklists into automated guardrails.

Marcus Ross

Kubestronaut & DevOps Platform Engineer @ HPA

Hamburg, Germany
