README.md

pr-auditor

pr-auditor is a tool designed to operate on some GitHub Actions pull request events in order to check for SOC2 compliance. Owned by the DevX team.

Learn more: Testing principles and guidelines

Usage

This action is primarily designed to run on GitHub Actions, and leverages the pull request event payloads extensively.

The optional -protected-branch flag defines a base branch that always opens a PR audit issue to track all pull requests made to it.

GITHUB_EVENT_PATH="/path/to/json/payload.json"
GITHUB_TOKEN="personal-access-token"

# run directly
go run ./dev/pr-auditor/ check \
  -github.payload-path="$GITHUB_EVENT_PATH" \
  -github.token="$GITHUB_TOKEN" \
  -protected-branch="release"

# run using wrapper script
./dev/buildchecker/check-pr.sh

Deployment

pr-auditor can be deployed to repositories using the available batch changes.