How to catch compliance issues in code review.
Practical, developer-register guides on doing compliance at the diff: what each framework actually checks in your repo, how to catch the common issues in review, and how to wire it into the pipeline you already run. Grounded in real controls, written for engineers.
- Primer
Compliance as code: a practical primer
What it means to treat compliance like the rest of your engineering: defined, checked on every change, and grounded in a specific control rather than a quarterly document.
- Explainer
What SOC 2 actually checks in your repo
Most of SOC 2 is process and evidence. The part that lives in your codebase clusters in the CC6 logical-access family, and it is smaller and more concrete than people expect.
- Walkthrough
Catching a GDPR retention bug in code review
A walkthrough of one of the most common GDPR issues that ships through a normal pull request: personal data that outlives the purpose it was collected for, and how to catch it at the diff.
- Playbook
Shift-left compliance for a small team
If you are a handful of engineers heading into your first audit, you do not need a GRC department. You need a few habits that keep compliance from becoming a quarterly emergency.
- How-to
Make compliance a required check, on your terms
A compliance review is most useful when it lives in the same place as your other checks. Here is how to think about blocking versus advisory, without turning your pipeline into a bottleneck.