This chapter covers
- Ensuring your work and commits are traceable
- Enforcing the four-eyes principle in pull requests
- Setting up the CODEOWNERS file to enforce reviewers
- Enabling mandatory workflows
This chapter shows how to configure your GitHub workflows so that they satisfy the controls that almost every compliance framework used in the industry requires. Nearly all of these frameworks demand two risk mitigations for changes to code. First, you must be able to prove who made a change, what exactly changed, and when it changed; this is usually called traceability. Second, you must be able to enforce that every change is reviewed by someone other than its author, preferably someone with a different role in the change process; this is the four-eyes principle. The rest of this chapter describes how to enable both controls on GitHub so that you can comply with most of these frameworks.
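The four-eyes principle is usually enforced on GitHub with a CODEOWNERS file combined with branch protection. The following file is an added example for this chapter, not a file from the book or from any real repository; the organization name, team names and paths are assumptions. It shows the three things that matter for compliance: a catch-all owner so that no path is left without a required reviewer, stricter ownership for the workflow definitions (which run with the repository's secrets), and ownership of the CODEOWNERS file itself, so that a contributor cannot remove their own reviewer in the same pull request.

```text
# .github/CODEOWNERS  (added example; org, team and path names are assumed)
# GitHub uses the LAST matching pattern, so order rules from general to specific.

# Catch-all: every file gets at least one required reviewer
*                          @example-org/core-maintainers

# Workflow definitions decide what runs with repository secrets
/.github/workflows/        @example-org/security-team

# Guard this file itself, otherwise an author could edit away their own reviewer
/.github/CODEOWNERS        @example-org/security-team

# Infrastructure and deployment code: any one of the listed owners can approve
/infra/                    @example-org/platform-team @example-org/security-team
```

On its own the file only suggests reviewers. It becomes an enforced control only when the protected branch (or ruleset) for your default branch enables "Require a pull request before merging" with at least one required approval and "Require review from Code Owners"; the file must be in the default branch under `.github/`, the repository root or `docs/`, and every listed owner needs write access, otherwise GitHub silently ignores that rule. Note that when a line lists several owners, approval from any one of them satisfies the requirement, so list a single team on a line if you want that specific team to review.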