Software program development and deployment techniques have, in many cases, evolved from using traditional monolithic standalone software programs to instead using groups of interconnected smaller programs, with some or all such smaller programs referred to in some situations as “services” that are part of a larger service-oriented architecture or environment in which multiple services work together to provide a larger coordinated functionality. While such service-oriented architectures and environments provide some benefits, they also introduce a variety of complexities and other problems.
An additional type of functionality that provides some benefits but also creates increased complexity as well as other problems includes the use of virtualization techniques. For example, virtualization technologies such as those provided by XEN, VMWare, or User-Mode Linux may allow a single physical computing system to be shared among multiple users by providing each user with one or more virtual machines hosted by the single physical computing system, with each such virtual machine being a software simulation acting as a distinct logical computing system that provides users with the illusion that they are the sole operators and administrators of a given hardware computing resource, while also providing application isolation among the various virtual machines.
Another type of functionality that provides some benefits but also creates increased complexity and further problems includes the use of online execution environments that some companies implement to execute programs for and provide other benefits to customers, which may in some circumstances be referred to as providing platform as a service (“PaaS”) functionality, software as a service (“SaaS”) functionality, and/or infrastructure as a service (“IaaS”) functionality, or more generally referred to at times as “cloud computing”. Such an online execution environment typically operates computer networks that interconnect numerous computing systems to support their operations, such as with at least some of the computing systems being co-located in one or more data centers (whether private data centers that are operated by and on behalf of a single organization, or public data centers that are operated by entities as businesses for multiple customers). Some public data center operators provide network access, power, and secure installation facilities for hardware owned by various customers, while other public data center operators provide “full service” facilities that also include hardware resources made available for use by their customers.
As each of these different types of computing environments increases in complexity, so too does the coordination and determination that each service, functionality, or the computing environment is in compliance with one or more regulatory, industry or company standards. Different versions, configuration changes, updates, failed computing systems, etc. can alone or in combination result in one or more aspects of the computing environment being out of compliance with one or more such standards. Moreover, various different groups involved with the software lifecycle (e.g., development, operations, security, and compliance teams) may utilize different terminology or rules to determine if the software is compliant with the regulatory and company standards. However, as the use of service-oriented architectures, online execution environments and virtualization technologies has increased, solutions to address the resulting complexities and other problems associated with compliance testing have not been fully developed.