I'm working with a client which has a bunch of companies under SOX compliance.
They currently have a code-review policy that looks like so:
- A reviewer must approve the last commit on a pull request
This means that if someone rebases, or makes a small nit change, they need to get a review all over again.
The reason they do this is:
> SOX mandates that all Changes are tested and approved before being deployed to Production. If a developer can make a change after a code review, then we lose the assurance that the code has been reviewed/approved. The risk is that functionality might be altered (intentionally or not) without Management awareness.
I'm having trouble believing that this is the best solution for SOX compliance. I've noticed significant velocity slow-downs because of this.
Looking around at the documentation for SOX, it doesn't specifically say that code review needs to look like this.
Are there better approaches? I'd love to help my client improve their velocity here, without adding too much risk to SOX compliance.