Case Study

Google

How PNC Bank automated software supply chain compliance with Trigger Mesh.

Challenge

As one of the largest banks within the United States with $367 billion of assets under administration, PNC has a massive IT footprint and a dev team that needs to not only deliver innovative code but also consistently meet regulatory compliance requirements. PNC sought to develop a way to ensure new code would meet security standards and audit compliance requirements automatically—replacing the cumbersome 30-day manual process they had in place.

Solution

Using Knative, the cloud native serverless and eventing framework, PNC developed internal tools to automatically check new code and changes to existing code. Developers immediately know if their code meets company-wide standards. The power of Knative’s eventing and serverless features allows PNC to bridge processes between Apache Kafka and CI/CD toolchain events and achieve this automated state. PNC also utilized the TriggerMesh declarative API to address the specifics of the event driven workflow. The process allows PNC to stop code from going into production if any part of the requirements outlined are missing.

Google
Industry:
Publishing
Project Type:
Integrated Flutter Design and Engineering
VGV Services:
small check mark icon
Design
small check mark icon
Engineering
small check mark icon
Open Source
small check mark icon
Program Management
small check mark icon
Training
Results:
Beautiful & feature-rich Flutter-based Virtual Stock Exchange investment simulation app launched in App Store and Google Play in three months
VGV Open Source Software and Tools Used
Very Good Analysis
Dart Frog
Mockingjay
CLI
Formz

Challenge

As one of the largest banks within the United States with $367 billion of assets under administration, PNC has a massive IT footprint and a dev team that needs to not only deliver innovative code but also consistently meet regulatory compliance requirements. PNC sought to develop a way to ensure new code would meet security standards and audit compliance requirements automatically—replacing the cumbersome 30-day manual process they had in place.

Solution

Using Knative, the cloud native serverless and eventing framework, PNC developed internal tools to automatically check new code and changes to existing code. Developers immediately know if their code meets company-wide standards. The power of Knative’s eventing and serverless features allows PNC to bridge processes between Apache Kafka and CI/CD toolchain events and achieve this automated state. PNC also utilized the TriggerMesh declarative API to address the specifics of the event driven workflow. The process allows PNC to stop code from going into production if any part of the requirements outlined are missing.

By the Numbers

Time Saving

30-days off the development cycle, saving large amounts of time and money.

Scale

20k code repositories kept compliant to company standards

Consistency

5,000 developers can finalize the custom compliance process in real time

By the Numbers

Heading

Heading

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Impact

Deployment became easier, clearer, and immeasurably faster. An automated, instantaneous process replaced a process that meant 37 or more days of preparing presentations and holding meetings. The internally developed Policy-as-Code service checks code in near real time. Developers are freed up, and code reviews are not subject to the errors inherent in human reviews. Developers utilize a highly developed CI/CD process for over 6,000 applications maintained in PNC. Tests are created and implemented by compliance owners and automatically integrated into the workflow.