Aptible’s Github integration keeps your asset inventory up to date, triggers recurring security activities, and ensures your repo security settings are compliant.
Not all of your code repos will be in scope of your ISMS. By maintaining this list over time, you’ll be able to more quickly react to requests from auditors and customers when they are investigating your SDLC policies. Additionally, you can leverage Ticket Templates to automatically trigger processes when code repos are added or removed from Github (e.g. conduct a risk analysis when a code repo is created or remove sensitive data the code repo was utilizing after it’s removed).
When syncing your code repos, we automatically check them for secure settings. See the Checks section below for more details.
Comply will automatically record every Pull Request merged as an event and then process them using pre-configured checks to provide evidence that your SDLC policies are being followed and visibility into when they are not being followed. The Checks that come with integration will generate healthy evidence for "Approved" and "CI Success" tagged events and unhealthy evidence for all others.