Problem to solve
Organizations face strict compliance challenges, and we should help them overcome those challenges.
A non-exhaustive list of compliance challenges:
- Principle of least permissions - being able to prove that only people with the need for access have that access.
- Establish, enforce, and audit who can deploy to production, e.g. Operators or Masters.
- Establish, enforce, and audit under what circumstances someone can deploy to production, e.g. security tests are mandatory.
- Add a Compliance page to projects, groups, and/or instances
What does success look like, and how can we measure that?
- Companies that require SOC 2 compliance happily use our CI/CD pipelines without needing any external tools.