Companies usually have security, privacy, safety and regulatory compliance policies that their software engineering teams must adhere to. Adherence to these policies can be validated by using the surveilr agent to extract compliance evidence from machine attestation artifacts. surveilr retrieves compliance evidence from these artifacts directly, so engineers do not have to fill in compliance forms by hand.

A company's policy might state: "All software engineers/developers who are not working on Windows desktop or iOS native applications are required to use Debian-based Linux as their base operating system for code development." This policy can be broken down into the following requirements:

- Use the latest stable version of Debian-based Linux as the base operating system.
- All development environments, tools, and libraries must be installed on the Linux OS.
- Regularly update the OS and development environment for compatibility and security.
## Using surveilr for Policy Compliance and Evidence Capture
The next step is to use surveilr to check compliance with these policies by capturing evidence. When it gathers evidence from a machine, surveilr records that machine's operating system information and stores it in the device table, where it can be queried.
## SQL Query for Verification of Operating System Compliance
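The following is an added example, not surveilr's own code, of how the operating-system policy above can be checked with SQL against the device table. It assumes that surveilr stores per-host system facts in a `device` table whose `state_sysinfo` column holds JSON; the JSON layout used here (`os.id`, `os.id_like`, `os.version_id`, mirroring the fields of `/etc/os-release`), the sample hosts, the exemption list and the required-version table are all constructed for this example and are not a documented surveilr schema.

```python
"""
Added example (not surveilr's own code): verify the Debian-based-OS policy
against a surveilr-style `device` table using SQL.

Assumptions, labelled: the `device` table has `device_id`, `name` and a JSON
`state_sysinfo` column; the JSON layout below mirrors /etc/os-release fields
and is constructed for this example, not a documented surveilr schema.
"""
import json
import sqlite3

# Constructed sample rows standing in for an RSSD `device` table.
SAMPLE_DEVICES = [
    ("dev-01", "alice-laptop", {"os": {"id": "debian", "version_id": "12", "name": "Debian GNU/Linux"}}),
    ("dev-02", "bob-laptop", {"os": {"id": "ubuntu", "id_like": "debian", "version_id": "22.04", "name": "Ubuntu"}}),
    ("dev-03", "carol-laptop", {"os": {"id": "fedora", "version_id": "39", "name": "Fedora Linux"}}),
    ("dev-04", "dave-win", {"os": {"id": "windows", "version_id": "11", "name": "Windows"}}),
    ("dev-05", "erin-laptop", {"os": {"id": "debian", "version_id": "11", "name": "Debian GNU/Linux"}}),
]

# Hosts the policy exempts (Windows desktop / iOS native developers); constructed.
EXEMPT_DEVICES = frozenset({"dev-04"})

# The compliance query: a host passes when its OS id is debian or its ID_LIKE
# chain contains debian.  Everything else is returned as a candidate violation.
NONCOMPLIANT_QUERY = """
SELECT device_id, name,
       json_extract(state_sysinfo, '$.os.name')       AS os_name,
       json_extract(state_sysinfo, '$.os.version_id') AS os_version
FROM device
WHERE NOT (
      lower(json_extract(state_sysinfo, '$.os.id')) = 'debian'
   OR instr(lower(coalesce(json_extract(state_sysinfo, '$.os.id_like'), '')), 'debian') > 0
)
ORDER BY device_id
"""


def build_sample_db() -> sqlite3.Connection:
    """Create an in-memory database shaped like the assumed `device` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE device (device_id TEXT PRIMARY KEY, name TEXT NOT NULL, state_sysinfo TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO device VALUES (?, ?, ?)",
        [(dev_id, name, json.dumps(info)) for dev_id, name, info in SAMPLE_DEVICES],
    )
    conn.commit()
    return conn


def os_violations(conn, exempt=frozenset()):
    """Return (device_id, name, os_name, os_version) for non-exempt hosts whose
    base OS is not Debian-based.  Exempt hosts are filtered out so auditors
    see them separately from real violations."""
    rows = conn.execute(NONCOMPLIANT_QUERY).fetchall()
    return [row for row in rows if row[0] not in exempt]


def outdated_hosts(conn, required_versions):
    """Debian-family hosts whose major version is below the required one for
    their distribution.  `required_versions` maps os id -> version string and
    is supplied by the caller (the policy's 'latest stable' is a moving target)."""
    rows = conn.execute(
        """
        SELECT device_id, name,
               lower(json_extract(state_sysinfo, '$.os.id'))  AS os_id,
               json_extract(state_sysinfo, '$.os.version_id') AS ver
        FROM device ORDER BY device_id
        """
    ).fetchall()
    out = []
    for dev_id, name, os_id, ver in rows:
        want = required_versions.get(os_id)
        if want is None or ver is None:
            continue  # not a tracked distribution, or no version recorded
        if int(ver.split(".")[0]) < int(want.split(".")[0]):
            out.append((dev_id, name, os_id, ver))
    return out


if __name__ == "__main__":
    db = build_sample_db()
    print("non-Debian hosts:", os_violations(db, EXEMPT_DEVICES))
    print("outdated hosts:", outdated_hosts(db, {"debian": "12", "ubuntu": "22.04"}))
```

The first query answers the "Debian-based" requirement directly from the device table; the "latest stable version" requirement needs a reference version per distribution, which the device row cannot supply, so it is passed in by the caller and reviewed whenever a new stable release ships.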
A company's policy might state: "All software engineers/developers across all the projects must have a consistent code unit testing process." This policy can be broken down into the following requirements:

- All developers who use ReactJS as their programming language must use Jest and React Testing Library as their unit testing tools.
- All React developers must ensure they follow the React reference project for React code quality.
## Using surveilr for Policy Compliance and Evidence Capture
A company's policy might state: "All software engineers/developers across all the projects must have a consistent code coverage process." This policy can be broken down into the following requirements:

- All developers who use ReactJS as their programming language must use Jest and React Testing Library as their coverage tools.
- All developers who use ReactJS as their programming language must follow the Code Unit Testing policy.
- All React developers must ensure they follow the React reference project for React code quality.
## Using surveilr for Policy Compliance and Evidence Capture
A company's policy might state: "All software engineers/developers across all the projects must have a consistent code e2e testing process." This policy can be broken down into the following requirements:

- All developers who use ReactJS as their programming language must use Playwright as their e2e testing tool.
## Using surveilr for Policy Compliance and Evidence Capture
A company's policy might state: "All software engineers/developers across all the projects must have Git hook scripts that are executed by Git before or after certain Git events, such as committing or merging code." This policy can be broken down into the following requirements:

- All Node.js projects must use Husky to manage Git hooks.
## Using surveilr for Policy Compliance and Evidence Capture
A company's policy might state: "All software engineers/developers across all the projects must have a consistent code formatting process." This policy can be broken down into the following requirements:

- All developers who use Node.js as the runtime for their programming language must use Prettier as their formatting tool.
## Using surveilr for Policy Compliance and Evidence Capture
A company's policy might state: "All software engineers/developers across all the projects must have a consistent code linting process." This policy can be broken down into the following requirements:

- All developers who use Node.js as the runtime for their programming language must use ESLint as their linting tool.
## Using surveilr for Policy Compliance and Evidence Capture
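The unit testing, code coverage, e2e testing, Git hooks, formatting and linting policies above all reduce to the same kind of evidence: what a project declares in its `package.json`. The following is an added example, not surveilr's own code, that evaluates every one of those requirements against package.json files surveilr has ingested. It assumes ingested files are available in a `uniform_resource` table with `uri` and `content` columns (surveilr does keep a table of that name; the exact column set used here is an assumption). The rules are a heuristic reading of the policies: a project counts as React when it depends on `react`, a tool counts as used when it is declared as a dependency, Husky counts as managing hooks when the `prepare` script invokes it, and coverage counts as configured when Jest has `collectCoverage` set or the test script passes `--coverage`. The three sample projects and their version strings are constructed.

```python
"""
Added example (not surveilr's own code): evaluate the Node.js / React tooling
policies against package.json files ingested by surveilr.

Assumptions, labelled: ingested files sit in a `uniform_resource` table with
`uri` and `content` columns (column set assumed); the detection rules are a
heuristic reading of the policies, and the sample projects are constructed.
"""
import json
import sqlite3

# Constructed sample package.json documents as surveilr might have ingested them.
SAMPLE_PACKAGES = {
    "/repos/web-app/package.json": {
        "name": "web-app",
        "scripts": {"test": "jest --coverage", "prepare": "husky", "e2e": "playwright test"},
        "dependencies": {"react": "^18.2.0", "react-dom": "^18.2.0"},
        "devDependencies": {
            "jest": "^29.7.0", "@testing-library/react": "^14.0.0",
            "@playwright/test": "^1.40.0", "husky": "^9.0.0",
            "prettier": "^3.0.0", "eslint": "^8.0.0",
        },
    },
    "/repos/dashboard/package.json": {  # React project missing several tools
        "name": "dashboard",
        "scripts": {"test": "jest"},
        "dependencies": {"react": "^18.2.0"},
        "devDependencies": {
            "jest": "^29.7.0", "@testing-library/react": "^14.0.0",
            "prettier": "^3.0.0", "eslint": "^8.0.0",
        },
    },
    "/repos/api/package.json": {  # plain Node.js service, React rules do not apply
        "name": "api",
        "scripts": {"prepare": "husky", "test": "node --test"},
        "dependencies": {"express": "^4.18.0"},
        "devDependencies": {"husky": "^9.0.0", "prettier": "^3.0.0"},
    },
}


def build_sample_db() -> sqlite3.Connection:
    """In-memory stand-in for the assumed `uniform_resource` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE uniform_resource (uri TEXT PRIMARY KEY, content TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO uniform_resource VALUES (?, ?)",
        [(uri, json.dumps(pkg)) for uri, pkg in SAMPLE_PACKAGES.items()],
    )
    conn.commit()
    return conn


def _declared_deps(pkg):
    """Runtime and dev dependencies merged into one name -> range map."""
    deps = dict(pkg.get("dependencies", {}))
    deps.update(pkg.get("devDependencies", {}))
    return deps


def evaluate_package(pkg):
    """Map each applicable policy requirement to True (met) / False (not met).
    React-only requirements are omitted for projects without a react dependency."""
    deps = _declared_deps(pkg)
    scripts = pkg.get("scripts", {})
    results = {
        # Git hooks policy: Husky is declared and installed via the prepare script.
        "husky": "husky" in deps and "husky" in scripts.get("prepare", ""),
        "prettier": "prettier" in deps,   # formatting policy
        "eslint": "eslint" in deps,       # linting policy
    }
    if "react" in deps:
        results["jest"] = "jest" in deps                                       # unit testing
        results["react-testing-library"] = "@testing-library/react" in deps    # unit testing
        results["coverage"] = (
            bool(pkg.get("jest", {}).get("collectCoverage"))
            or "--coverage" in scripts.get("test", "")
        )                                                                      # coverage
        results["playwright"] = "@playwright/test" in deps or "playwright" in deps  # e2e
    return results


def package_violations(conn):
    """Return [(uri, [failed requirement names])] for every ingested package.json
    that fails at least one applicable requirement."""
    rows = conn.execute(
        "SELECT uri, content FROM uniform_resource WHERE uri LIKE '%/package.json' ORDER BY uri"
    ).fetchall()
    out = []
    for uri, content in rows:
        try:
            pkg = json.loads(content)
        except json.JSONDecodeError:
            out.append((uri, ["unparseable package.json"]))
            continue
        failed = sorted(name for name, ok in evaluate_package(pkg).items() if not ok)
        if failed:
            out.append((uri, failed))
    return out


if __name__ == "__main__":
    for uri, failed in package_violations(build_sample_db()):
        print(uri, "->", ", ".join(failed))
```

Because the check reads what a project declares rather than what it runs, it is evidence that the tooling is present, not proof that every commit passed through it; the Git hook and coverage evidence captured from CI runs is the natural complement.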