This template provides audit insights that help assess how well the team's work complies with industry expectations, as set by popular standards such as SOC 2 or ITIL.
It helps answer the most critical questions when it comes to auditing your Software Development Lifecycle (SDLC) process:
Do all pull requests have a green build before being merged?
Have all pull requests been reviewed and approved before being merged?
Which ones do not comply? Is an exception documented?
What is the compliance status of each project?
Insights
Green build ratio: The yearly ratio of successful builds for merged pull requests. This is an audit insight checking that pull requests were merged with a green build.
Industry standards (e.g. SOC 2) recommend that pull requests be merged only after the test suite has run successfully, so that the automated quality gates and standards set internally are respected.
PR compliance feed: The list of recently merged pull requests and their compliance status in regard to approvals and builds.
Industry standards (e.g. SOC 2) recommend that pull requests be green (build) and peer-reviewed to ensure quality deliveries and eliminate functional and security bugs from production code.
PR review ratio: Measures the yearly approval ratio of all merged pull requests. This is an audit insight checking that pull requests met their minimum review requirements.
Industry standards (e.g. SOC 2) recommend that pull requests be peer reviewed to ensure quality deliveries and eliminate functional and security bugs from production code.
Project compliance score: The percentage of compliant PRs (approved and merged with a green build) over the last 12 months, grouped by project.
Industry standards (e.g. SOC 2) recommend that pull requests be green (build) and peer-reviewed to ensure quality deliveries and eliminate functional and security bugs from production code.
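The four insights above, computed over constructed pull-request records, as an added example that is not part of the template or its product; the record fields, the 12-month window and the per-PR `required_approvals` threshold are assumptions about what a forge or CI export provides.

```python
# Added example (not the template's own code): computes the audit insights
# described above from pull-request records. Field names are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class MergedPR:
    id: int
    project: str
    merged_at: datetime
    build_status: str        # "success", "failure" or "none" (no CI run recorded)
    approvals: int           # approving reviews present at merge time
    required_approvals: int  # branch-protection minimum for this repository
    exception: str = ""      # documented audit exception, empty if none

def in_window(pr, now, days=365):
    """True if the PR was merged within the last `days` days (12 months by default)."""
    return now - timedelta(days=days) <= pr.merged_at <= now

def is_green(pr): return pr.build_status == "success"
def is_reviewed(pr): return pr.approvals >= pr.required_approvals
def is_compliant(pr): return is_green(pr) and is_reviewed(pr)

def ratio(prs, pred, now):
    """Percentage of PRs in the window satisfying pred; 0.0 when nothing was merged."""
    window = [p for p in prs if in_window(p, now)]
    return round(100 * sum(pred(p) for p in window) / len(window), 1) if window else 0.0

def green_build_ratio(prs, now): return ratio(prs, is_green, now)
def pr_review_ratio(prs, now): return ratio(prs, is_reviewed, now)

def pr_compliance_feed(prs, limit=10):
    """Most recently merged PRs with their approval/build status and any exception."""
    recent = sorted(prs, key=lambda p: p.merged_at, reverse=True)[:limit]
    return [{"id": p.id, "project": p.project, "green": is_green(p),
             "reviewed": is_reviewed(p), "compliant": is_compliant(p),
             "exception": p.exception} for p in recent]

def project_compliance_score(prs, now):
    """Compliant-PR percentage over the window, grouped by project."""
    return {proj: ratio([p for p in prs if p.project == proj], is_compliant, now)
            for proj in {p.project for p in prs}}

# Constructed sample data; NOW is fixed so the results are reproducible.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    MergedPR(101, "api", NOW - timedelta(days=3), "success", 2, 1),
    MergedPR(102, "api", NOW - timedelta(days=10), "failure", 1, 1, exception="hotfix INC-42"),
    MergedPR(103, "api", NOW - timedelta(days=40), "success", 0, 1),   # merged unreviewed
    MergedPR(104, "web", NOW - timedelta(days=5), "success", 1, 1),
    MergedPR(105, "web", NOW - timedelta(days=400), "failure", 0, 1),  # outside the window
]
```

Feeding an export of real merged PRs into these functions gives the same four figures the template shows, with non-compliant PRs and their documented exceptions listed in the feed.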