DevX SOC2 compliance: repo rollout #30427
Comments
@bobheadxi Checking the docs, I don't see a mention about So, correct me if I'm wrong, it's a bit of a gray area because it's not a "product" that we are advertising explicitly, but we aren't either saying that it's not. I see two paths there:
For

There are also sourcegraph extensions:

Got redirected to security re: access questions: https://sourcegraph.slack.com/archives/C1JH2BEHZ/p1646181694003409 If that's a no-go, Michael mentioned that we can explore GitHub Apps: https://docs.github.com/en/developers/apps/getting-started-with-apps/differences-between-github-apps-and-oauth-apps#token-based-identification

Requested reviews for most repositories, which is a manual process. Some repositories also need manual intervention for linter exceptions.

Got confirmation last week from security, pinged it-tech-ops again this week to set up write access for all: https://sourcegraph.slack.com/archives/C01CSS3TC75/p1646675404295489 I am going to merge unreviewed PRs in the batch change now, which is nice and easy with the batch change bulk action but is creating a lot of spam... oh well, at least we know it works 😛

There are still some unpublished changesets that were captured in the initial batch change query, but I am opting not to action these because they appear abandoned or are internal tooling. You can see the full set of repositories that had this rolled out here: https://k8s.sgdev.org/users/robert/batch-changes/pr-auditor-rollout?status=MERGED&visible=50 And with that I'm calling it a wrap and closing this issue! cc @jhchabran @sourcegraph/security

@bobheadxi thanks for taking on this grueling task 🙏💪, well done 🚀
Roll out DevX SOC2 compliance items across our critical repos, in order of priority:
https://k8s.sgdev.org/users/robert/batch-changes/pr-auditor-rollout?status=OPEN
Other repos: