DevX SOC2 compliance: repo rollout #30427
Comments
|
@bobheadxi Checking the docs, I don't see a mention about So, correct me if I'm wrong, it's a bit of a gray area because it's not a "product" that we are advertising explicitly, but we aren't either saying that it's not. I see two paths there:
For |
|
There are also sourcegraph extensions: |
|
Got redirected to security re: access questions: https://sourcegraph.slack.com/archives/C1JH2BEHZ/p1646181694003409 If that's a no-go, Michael mentioned that we can explore GitHub Apps: https://docs.github.com/en/developers/apps/getting-started-with-apps/differences-between-github-apps-and-oauth-apps#token-based-identification Requested reviews for most repositories, which is a manual process. Some repositories also need manual intervention for linter exceptions |
|
Got confirmation last week from security, pinged it-tech-ops again this week to set up write access for all: https://sourcegraph.slack.com/archives/C01CSS3TC75/p1646675404295489 I am going to merge unreviewed PRs in the batch change now, which is nice and easy with the batch change bulk action but is creating a lot of spam... oh well, at least we know it works 😛
|
|
There are still some unpublished changesets that were captured in the initial batch change query, but I am opting not to action these because they appear abandoned or are internal tooling:
You can see the full set of repositories that had this rolled out here: https://k8s.sgdev.org/users/robert/batch-changes/pr-auditor-rollout?status=MERGED&visible=50 And with that I'm calling it wraps and closing this issue! cc @jhchabran @sourcegraph/security |
|
@bobheadxi thanks for taking on this grueling task 🙏💪, well done 🚀 |
Roll out DevX SOC2 compliance items across our critical repos, in order of priority:
https://k8s.sgdev.org/users/robert/batch-changes/pr-auditor-rollout?status=OPEN
Other repos:
The text was updated successfully, but these errors were encountered: