Tugboat Logic is proud to announce the availability of our latest feature: GitHub Integration: Automated Evidence Collection for Code Change Control.
A best practice security control recommended by NIST, SOC 2 and ISO 27001 is to conduct a code review for each release to production to ensure security and quality. Given the frequency of code releases, manually collecting the evidence to show this task has been completed can be a burden. So Tugboat Logic has created an automated method for collecting this evidence through an integration with GitHub Cloud.
The Tugboat Logic GitHub integration helps you automate the evidence collection process for gathering code review data from your GitHub Cloud instance, as proof that you are following proper change controls with every code release. This information will be stored in the "Evidence" page under "Code Change Control Evidence". This evidence can then be used during third-party audits (e.g. SOC 2, ISO 27001) by linking it to Evidence Requests on the "Certifications Projects" page.
Note that the Automated Evidence Collection feature is best used when your organization has adopted a process where your GitHub repositories enforce pull requests with required reviews on production branches, where reviewers check for common security and quality issues.
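The process described above (pull requests required on production branches, with an approving review before merge) is exactly what an auditor will want to see evidence of. The following is an added example, not Tugboat Logic's integration code: it takes records shaped like the GitHub REST API's branch-protection object (`required_pull_request_reviews`, `enforce_admins`) and pull-request review objects (`state`, `user.login`), and reports why a given merge would or would not count as a properly reviewed change. The sample records are constructed for illustration; the minimum-approval threshold and the "independent reviewer" rule are this example's assumptions, not settings the page defines.

```python
"""Evaluate constructed GitHub-style records for code change control evidence.

Added example (not Tugboat Logic's code). Field names follow the GitHub REST
API for branch protection and pull request reviews; all records are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    ok: bool
    reasons: List[str]


def protection_problems(protection: dict, min_approvals: int = 1) -> List[str]:
    """Return problems with a branch-protection object (empty list means fine)."""
    rules = protection.get("required_pull_request_reviews")
    if not rules:
        # Without this block, changes can be pushed without any review at all.
        return ["branch protection does not require pull request reviews"]
    problems = []
    count = rules.get("required_approving_review_count", 0)
    if count < min_approvals:
        problems.append(f"required approving review count is {count}, expected >= {min_approvals}")
    if not rules.get("dismiss_stale_reviews", False):
        problems.append("approvals are not dismissed when new commits are pushed")
    if not protection.get("enforce_admins", {}).get("enabled", False):
        problems.append("administrators may bypass the review requirement")
    return problems


def latest_review_state(reviews: List[dict]) -> Dict[str, str]:
    """Map each reviewer login to the state of their most recent decisive review.

    Reviews are assumed to be in chronological order (as the API lists them).
    COMMENTED reviews carry no decision, so they do not overwrite a prior state;
    a later CHANGES_REQUESTED or DISMISSED does cancel an earlier APPROVED.
    """
    latest: Dict[str, str] = {}
    for review in reviews:
        state = review.get("state")
        if state in ("APPROVED", "CHANGES_REQUESTED", "DISMISSED"):
            latest[review["user"]["login"]] = state
    return latest


def pr_problems(pr: dict, reviews: List[dict]) -> List[str]:
    """Check that a pull request was merged with an approval from someone other than its author."""
    problems = []
    if not pr.get("merged_at"):
        problems.append("pull request was not merged")
    author = pr.get("user", {}).get("login")
    approvers = {login for login, state in latest_review_state(reviews).items() if state == "APPROVED"}
    approvers.discard(author)  # self-approval is not an independent review
    if not approvers:
        problems.append("no approving review from a reviewer other than the author")
    return problems


def evaluate(protection: dict, pr: dict, reviews: List[dict], min_approvals: int = 1) -> Finding:
    """Combine branch-level and PR-level checks into one evidence finding."""
    reasons = protection_problems(protection, min_approvals) + pr_problems(pr, reviews)
    return Finding(ok=not reasons, reasons=reasons)


# Constructed sample records (not real repositories, users or pull requests).
GOOD_PROTECTION = {
    "required_pull_request_reviews": {"required_approving_review_count": 1, "dismiss_stale_reviews": True},
    "enforce_admins": {"enabled": True},
}
WEAK_PROTECTION = {"enforce_admins": {"enabled": False}}
PR = {"number": 42, "user": {"login": "alice"}, "merged_at": "2024-01-10T12:00:00Z"}
REVIEWS_OK = [
    {"user": {"login": "alice"}, "state": "COMMENTED"},
    {"user": {"login": "bob"}, "state": "APPROVED"},
]
REVIEWS_WITHDRAWN = [
    {"user": {"login": "bob"}, "state": "APPROVED"},
    {"user": {"login": "bob"}, "state": "CHANGES_REQUESTED"},
]

if __name__ == "__main__":
    for label, prot, revs in (("good", GOOD_PROTECTION, REVIEWS_OK),
                              ("withdrawn", GOOD_PROTECTION, REVIEWS_WITHDRAWN),
                              ("weak", WEAK_PROTECTION, REVIEWS_OK)):
        finding = evaluate(prot, PR, revs)
        print(label, "OK" if finding.ok else "FAIL", finding.reasons)
```

The point of tracking the latest review state per reviewer is that a raw list of reviews can contain an APPROVED entry that was later superseded; counting it would produce evidence that looks compliant but is not.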