DevX SOC2 compliance items: Tracking issue

[taylorsperry]

Plan

Tracking issue for outstanding SOC2 compliance work.

➡️ Because SoC2 first phase deadline is in two weeks, we need to move fast on this. Aim for simplicity. Seeking for feedback early from the SecTeam is the best way to proceed. We don't need everything to be perfect.

Tracking for our SOC2 documentation: https://sourcegraph.com/notebooks/Tm90ZWJvb2s6NjA=

Priorities

1. 29763

2. 29762

3. 29766

4. The others

Availability

If you have planned unavailability this iteration (e.g., vacation), you can note that here.

Tracked issues

@unassigned

• [x] https://github.com/sourcegraph/sourcegraph/issues/33959

Completed

• [x] (🏁 109 days ago) https://github.com/sourcegraph/sourcegraph/issues/29717
• [x] (🏁 109 days ago) https://github.com/sourcegraph/sourcegraph/issues/29718
• [x] (🏁 97 days ago) https://github.com/sourcegraph/sourcegraph/issues/29719 (PRs: ~#29927~)
• [x] (🏁 93 days ago) https://github.com/sourcegraph/sourcegraph/issues/30396

@bobheadxi

Completed

• [x] (🏁 138 days ago) https://github.com/sourcegraph/sourcegraph/issues/29005
• [x] (🏁 110 days ago) https://github.com/sourcegraph/sourcegraph/issues/29008
• [x] (🏁 103 days ago) https://github.com/sourcegraph/sourcegraph/issues/29762
• [x] (🏁 103 days ago) https://github.com/sourcegraph/sourcegraph/pull/29927
• [x] (🏁 99 days ago) https://github.com/sourcegraph/sourcegraph/issues/29761
• [x] (🏁 84 days ago) https://github.com/sourcegraph/sourcegraph/issues/29764
• [x] (🏁 84 days ago) https://github.com/sourcegraph/sourcegraph/issues/29894
• [x] (🏁 84 days ago) https://github.com/sourcegraph/sourcegraph/issues/29889
• [x] (🏁 78 days ago) https://github.com/sourcegraph/sourcegraph/issues/29765
• [x] (🏁 57 days ago) https://github.com/sourcegraph/sourcegraph/issues/30427
• [x] (🏁 29 days ago) https://github.com/sourcegraph/sourcegraph/issues/33275 🐛

@davejrt

Completed

• [x] (🏁 110 days ago) https://github.com/sourcegraph/sourcegraph/issues/29659

@jhchabran

• [ ] https://github.com/sourcegraph/sourcegraph/issues/31725 (PRs: ~#32347~)
• [ ] https://github.com/sourcegraph/sourcegraph/pull/34891

Completed

• [x] (🏁 85 days ago) https://github.com/sourcegraph/sourcegraph/issues/29763
• [x] (🏁 84 days ago) https://github.com/sourcegraph/sourcegraph/issues/29894
• [x] (🏁 84 days ago) https://github.com/sourcegraph/sourcegraph/issues/29889
• [x] (🏁 83 days ago) https://github.com/sourcegraph/sourcegraph/issues/29766
• [x] (🏁 56 days ago) https://github.com/sourcegraph/sourcegraph/pull/32347
• [x] (🏁 48 days ago) https://github.com/sourcegraph/sourcegraph/pull/32723
• [x] (🏁 today) https://github.com/sourcegraph/sourcegraph/issues/31008 🛠️

@taylorsperry

Completed

• [x] (🏁 today) https://github.com/sourcegraph/sourcegraph/issues/31008 🛠️

Legend

• 👩 Customer issue
• 🐛 Bug
• 🧶 Technical debt
• 🎩 Quality of life
• 🛠️ Roadmap
• 🕵️ Spike
• 🔒 Security issue
• 🙆 Stretch goal
• :shipit: Pull Request

[taylorsperry]

I don't think these are all GN-105, are they?

[bobheadxi]

Many are part of RFC 568 which pertains to SOC 2, and from what I understand the rest are also all testing-process related which seems covered by GN-105?

Application and infrastructure changes are required to undergo functional, security, unit, integration, smoke, regression, and SAST testing prior to release to production.

Sorry if I got some wrong - please let me know which ones should be corrected/feel free to correct them directly!