DevSecOps in the Cloud: Creating Policy as Code Pipelines