Companies usually have security, privacy, safety and regulatory compliance policies that their software engineering teams must adhere to. Adherence to these policies can be validated by using the surveilr agent to extract compliance evidence from machine attestation artifacts: surveilr retrieves the evidence from the artifacts themselves, so nobody has to fill in compliance forms by hand.
A company’s policy might state: “All software engineers/developers who are not working on Windows desktop or iOS native applications are required to use Debian-based Linux as their base operating system for code development.” This policy can be broken down into the following requirements:
Use the latest stable version of Debian-based Linux as the base operating system.
All development environments, tools, and libraries must be installed on the Linux OS.
Regularly update the OS and development environment for compatibility and security.
Using surveilr for Policy Compliance and Evidence Capture
The next step is to use surveilr to verify compliance with these policies by capturing evidence. surveilr collects the machine’s operating system information and stores it in the device table, where it can be queried.
SQL Query for Verification of Operating System Compliance
Compliance Evidence

| Host Name | OS Name | Distribution Id | Kernel Version | OS Version | Long OS Version |
|---|---|---|---|---|---|
| HostName_1 | Ubuntu | ubuntu | 5.15.133.1-microsoft-standard-WSL2 | 22.04 | Linux 22.04 Ubuntu |
| HostName_2 | Ubuntu | ubuntu | 5.15.133.1-microsoft-standard-WSL2 | 22.04 | Linux 22.04 Ubuntu |
Non-compliance Evidence

| Host Name | OS Name | Distribution Id | Kernel Version | OS Version | Long OS Version |
|---|---|---|---|---|---|
| HostName_1 | Ubuntu | debian | 4.4.0-19041-Microsoft | 20.04 | Linux 20.04 Debian |
| HostName_2 | Fedora | fedora | 5.10.16.3-microsoft-standard-WSL2 | 33 | Linux 33 Fedora |
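The page does not reproduce the query behind the heading above. The following is an added example, not surveilr's own query or schema: it loads rows shaped like the two evidence tables into an in-memory SQLite table (column names are assumed, as is that the evidence is queried with SQL) and lets one CASE expression produce the compliant/non-compliant split. The Debian-based distribution ids and "latest stable" versions in OS_BASELINE are assumed policy values, and the host rows are constructed.

```python
import sqlite3

# Constructed rows mirroring the page's compliance and non-compliance evidence
# tables; column names are this example's assumption, not surveilr's schema.
DEVICE_ROWS = [
    ("HostName_1", "Ubuntu", "ubuntu", "5.15.133.1-microsoft-standard-WSL2", "22.04", "Linux 22.04 Ubuntu"),
    ("HostName_2", "Ubuntu", "ubuntu", "5.15.133.1-microsoft-standard-WSL2", "22.04", "Linux 22.04 Ubuntu"),
    ("HostName_3", "Ubuntu", "debian", "4.4.0-19041-Microsoft", "20.04", "Linux 20.04 Debian"),
    ("HostName_4", "Fedora", "fedora", "5.10.16.3-microsoft-standard-WSL2", "33", "Linux 33 Fedora"),
]
# Policy baseline (assumed values): the Debian-based distribution ids the policy
# accepts and the release it currently treats as "latest stable" for each.
OS_BASELINE = {"ubuntu": "22.04", "debian": "12"}

# A LEFT JOIN keeps every host, so a distribution missing from the baseline
# (fedora) is reported as non-compliant rather than silently dropped.
VERDICT_SQL = """
SELECT d.host_name, d.distribution_id, d.os_version,
       CASE
         WHEN b.distribution_id IS NULL THEN 'non-compliant: not Debian-based'
         WHEN d.os_version <> b.latest_stable THEN 'non-compliant: not latest stable'
         ELSE 'compliant'
       END AS verdict
FROM device AS d
LEFT JOIN os_baseline AS b ON b.distribution_id = d.distribution_id
ORDER BY d.host_name
"""

def load_evidence(conn, rows, baseline):
    """Create the evidence and baseline tables in an in-memory SQLite database."""
    conn.execute("""CREATE TABLE device (host_name TEXT, os_name TEXT, distribution_id TEXT,
                    kernel_version TEXT, os_version TEXT, long_os_version TEXT)""")
    conn.executemany("INSERT INTO device VALUES (?, ?, ?, ?, ?, ?)", rows)
    conn.execute("CREATE TABLE os_baseline (distribution_id TEXT PRIMARY KEY, latest_stable TEXT)")
    conn.executemany("INSERT INTO os_baseline VALUES (?, ?)", list(baseline.items()))

def os_compliance(rows=DEVICE_ROWS, baseline=OS_BASELINE):
    """Map each host name to its verdict string under the OS policy."""
    conn = sqlite3.connect(":memory:")
    load_evidence(conn, rows, baseline)
    verdicts = {host: verdict for host, _, _, verdict in conn.execute(VERDICT_SQL)}
    conn.close()
    return verdicts

if __name__ == "__main__":
    for host, verdict in os_compliance().items():
        print(f"{host}: {verdict}")
```

The verdict column is what distinguishes evidence from compliance: the same device row can be evidence of either, depending on the baseline it is compared against.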
Unit Tests
A company’s policy might state: “All Software engineers/developers across all the projects must have a consistent code unit testing process.” This policy can be broken down into the following requirements:
All developers who use ReactJS as their programming language must use Jest and React Testing Library as the unit testing tools.
All React developers must ensure they follow the React reference project for React code quality.
Using surveilr for Policy Compliance and Evidence Capture
The next step is to use surveilr to ensure compliance with these policies, capturing the necessary details and storing them in the database table.
SQL Query for Verification of Packages Installation Compliance
Compliance Evidence

| Host Name | Project Name | Jest With Version | Jest-environment-jsdom With Version | @testing-library/react With Version | @testing-library/jest-dom With Version | Ts-Jest With Version |
|---|---|---|---|---|---|---|
| HostName_1 | react-code-quality-reference-project | ^29.6.2 | ^29.6.2 | ^14.0.0 | ^5.17.0 | ^29.1.1 |
| HostName_2 | react-code-quality-reference-project | ^29.6.2 | ^29.6.2 | ^14.0.0 | ^5.17.0 | ^29.1.1 |
Non-compliance Evidence

| Host Name | Project Name | Jest With Version | Jest-environment-jsdom With Version | @testing-library/react With Version | @testing-library/jest-dom With Version | Ts-Jest With Version |
|---|---|---|---|---|---|---|
| HostName_1 | react-code-quality-reference-project | ^26.6.0 | ^26.6.0 | ^10.0.0 | ^4.2.0 | ^26.5.0 |
| HostName_2 | react-code-quality-reference-project | ^26.6.0 | ^26.6.0 | ^10.0.0 | ^4.2.0 | ^26.5.0 |
SQL Query for Verification of Unit Test Script Compliance
Compliance Evidence

| Host Name | Project Name | Unit Test Script |
|---|---|---|
| HostName_1 | react-code-quality-reference-project | jest --json |
| HostName_2 | react-code-quality-reference-project | jest --json |
Non-compliance Evidence

| Host Name | Project Name | Unit Test Script |
|---|---|---|
| HostName_1 | react-code-quality-reference-project | mocha --reporter |
| HostName_2 | react-code-quality-reference-project | mocha --reporter |
Code Coverage
A company’s policy might state: “All Software engineers/developers across all the projects must have a consistent code coverage process.” This policy can be broken down into the following requirements:
All developers who use ReactJS as their programming language must use Jest and React Testing Library as the coverage tools.
All developers who use ReactJS as their programming language must follow the code unit testing policy.
All React developers must ensure they follow the React reference project for React code quality.
Using surveilr for Policy Compliance and Evidence Capture
The next step is to use surveilr to ensure compliance with these policies, capturing the necessary details and storing them in the database table.
SQL Query for Verification of Packages Installation Compliance
Compliance Evidence

| Host Name | Project Name | Jest With Version | Jest-environment-jsdom With Version | @testing-library/react With Version | @testing-library/jest-dom With Version | Ts-Jest With Version |
|---|---|---|---|---|---|---|
| HostName_1 | react-code-quality-reference-project | ^29.6.2 | ^29.6.2 | ^14.0.0 | ^5.17.0 | ^29.1.1 |
| HostName_2 | react-code-quality-reference-project | ^29.6.2 | ^29.6.2 | ^14.0.0 | ^5.17.0 | ^29.1.1 |
Non-compliance Evidence

| Host Name | Project Name | Jest With Version | Jest-environment-jsdom With Version | @testing-library/react With Version | @testing-library/jest-dom With Version | Ts-Jest With Version |
|---|---|---|---|---|---|---|
| HostName_1 | react-code-quality-reference-project | ^26.6.3 | ^26.6.3 | ^9.0.0 | ^4.0.0 | ^26.4.4 |
| HostName_2 | react-code-quality-reference-project | ^26.6.3 | ^26.6.3 | ^9.0.0 | ^4.0.0 | ^26.4.4 |
SQL Query for Verification of Coverage Script Compliance
Compliance Evidence

| Host Name | Project Name | Test:coverage Script | Test:ci Script |
|---|---|---|---|
| HostName_1 | react-code-quality-reference-project | jest --coverage --json | npm run test -- --testResultsProcessor="jest-junit" --watchAll=false --ci --coverage |
| HostName_2 | react-code-quality-reference-project | jest --coverage --json | npm run test -- --testResultsProcessor="jest-junit" --watchAll=false --ci --coverage |
Non-compliance Evidence

| Host Name | Project Name | Test:coverage Script | Test:ci Script |
|---|---|---|---|
| HostName_1 | react-code-quality-reference-project | mocha --reporter | npm test -- --reporter=mocha-junit |
| HostName_2 | react-code-quality-reference-project | mocha --reporter | npm test -- --reporter=mocha-junit |
E2E Testing
A company’s policy might state: “All Software engineers/developers across all the projects must have a consistent code e2e testing process.” This policy can be broken down into the following requirements:
All developers who use ReactJS as their programming language must use Playwright as the e2e testing tool.
Using surveilr for Policy Compliance and Evidence Capture
The next step is to use surveilr to ensure compliance with these policies, capturing the necessary details and storing them in the database table.
SQL Query for Verification of Packages Installation Compliance
Compliance Evidence

| Host Name | Project Name | @playwright/test With Version |
|---|---|---|
| HostName_1 | react-code-quality-reference-project | ^1.37.1 |
| HostName_2 | react-code-quality-reference-project | ^1.37.1 |
Non-compliance Evidence

| Host Name | Project Name | @playwright/test With Version |
|---|---|---|
| HostName_1 | react-code-quality-reference-project | ^1.36.0 |
| HostName_2 | react-code-quality-reference-project | ^1.36.0 |
SQL Query for Verification of E2E Script Compliance
Compliance Evidence

| Host Name | Project Name | E2E Script | E2e:dot Script |
|---|---|---|---|
| HostName_1 | react-code-quality-reference-project | playwright test | DEBUG=pw:api playwright test --reporter=dot |
| HostName_2 | react-code-quality-reference-project | playwright test | DEBUG=pw:api playwright test --reporter=dot |
Non-compliance Evidence

| Host Name | Project Name | E2E Script | E2e:dot Script |
|---|---|---|---|
| HostName_1 | react-code-quality-reference-project | cypress run | DEBUG=cypress:cypress cypress run |
| HostName_2 | react-code-quality-reference-project | cypress run | DEBUG=cypress:cypress cypress run |
Git Hooks
A company’s policy might state: “All Software engineers/developers across all the projects must have Git hook scripts that are executed by Git before or after certain Git events, such as committing or merging code.” This policy can be broken down into the following requirements:
All Node.js projects must use Husky to manage Git hooks.
Using surveilr for Policy Compliance and Evidence Capture
The next step is to use surveilr to ensure compliance with these policies, capturing the necessary details and storing them in the database table.
SQL Query for Verification of Husky Installation Compliance
Code Formatting
A company’s policy might state: “All Software engineers/developers across all the projects must have a consistent code formatting process.” This policy can be broken down into the following requirements:
All developers who use Node.js as a runtime for their programming language must use Prettier as the formatting tool.
Using surveilr for Policy Compliance and Evidence Capture
The next step is to use surveilr to ensure compliance with these policies, capturing the necessary details and storing them in the database table.
SQL Query for Verification of Code Formatter Installation Compliance
Linting
A company’s policy might state: “All Software engineers/developers across all the projects must have a consistent code linting process.” This policy can be broken down into the following requirements:
All developers who use Node.js as a runtime for their programming language must use ESLint as the linting tool.
Using surveilr for Policy Compliance and Evidence Capture
The next step is to use surveilr to ensure compliance with these policies, capturing the necessary details and storing them in the database table.
SQL Query for Verification of ESLint as Linting Tool Compliance
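As an added example (not surveilr code) serving the package-installation and script checks of the unit test, coverage and e2e sections as well as the Husky, Prettier and ESLint installation checks above: given a parsed package.json (for instance `json.load(open("package.json"))`), it reports every deviation from the reference project's versions and expected tools, so an empty result is the compliance verdict. The minimum versions, the script-to-tool mapping and the two sample manifests are constructed from the page's evidence tables and are assumptions of this example.

```python
import re
# Minimum versions follow the page's compliant reference-project rows (husky, prettier and
# eslint are presence-only: the page gives no versions); REQUIRED_SCRIPTS maps an npm script
# to the tool it must invoke, per the page's script tables. All of this is assumed here.
REQUIRED_PACKAGES = {"jest": (29, 6, 2), "jest-environment-jsdom": (29, 6, 2),
                     "@testing-library/react": (14, 0, 0), "@testing-library/jest-dom": (5, 17, 0),
                     "ts-jest": (29, 1, 1), "@playwright/test": (1, 37, 1),
                     "husky": (0, 0, 0), "prettier": (0, 0, 0), "eslint": (0, 0, 0)}
REQUIRED_SCRIPTS = {"test": "jest", "test:coverage": "jest", "e2e": "playwright", "e2e:dot": "playwright"}

def parse_semver(spec):
    """Floor of a range spec: '^29.6.2', '~1.37.1' or '>=14.0.0' -> (major, minor, patch)."""
    m = re.match(r"^[\^~>=\s]*v?(\d+)\.(\d+)\.(\d+)", spec)
    if not m:
        raise ValueError(f"unsupported version spec: {spec!r}")
    return tuple(int(x) for x in m.groups())

def script_tool(cmd):
    """First word of an npm script after any leading VAR=value assignments."""
    words = cmd.split()
    while words and re.match(r"^[A-Za-z_]\w*=", words[0]):
        words.pop(0)
    return words[0] if words else ""

def check_package(pkg):
    """Policy findings for a parsed package.json dict; an empty list means compliant."""
    deps = {**pkg.get("dependencies", {}), **pkg.get("devDependencies", {})}
    scripts, findings = pkg.get("scripts", {}), []
    for name, minimum in REQUIRED_PACKAGES.items():
        if name not in deps:
            findings.append(f"missing package {name}")
        elif parse_semver(deps[name]) < minimum:
            findings.append(f"{name} {deps[name]} is below reference {'.'.join(map(str, minimum))}")
    for script, tool in REQUIRED_SCRIPTS.items():
        if script_tool(scripts.get(script, "")) != tool:
            findings.append(f"script {script!r} must invoke {tool}, got {scripts.get(script)!r}")
    return findings

# Constructed package.json contents modelled on the page's evidence rows.
COMPLIANT = {
    "scripts": {"test": "jest --json", "test:coverage": "jest --coverage --json",
                "e2e": "playwright test", "e2e:dot": "DEBUG=pw:api playwright test --reporter=dot"},
    "devDependencies": {"jest": "^29.6.2", "jest-environment-jsdom": "^29.6.2", "ts-jest": "^29.1.1",
                        "@testing-library/react": "^14.0.0", "@testing-library/jest-dom": "^5.17.0",
                        "@playwright/test": "^1.37.1", "husky": "^8.0.0", "prettier": "^3.0.0", "eslint": "^8.0.0"}}
NON_COMPLIANT = {
    "scripts": {"test": "mocha --reporter", "test:coverage": "mocha --reporter",
                "e2e": "cypress run", "e2e:dot": "DEBUG=cypress:cypress cypress run"},
    "devDependencies": {"jest": "^26.6.0", "jest-environment-jsdom": "^26.6.0", "ts-jest": "^26.5.0",
                        "@testing-library/react": "^10.0.0", "@testing-library/jest-dom": "^4.2.0", "@playwright/test": "^1.36.0"}}
```

Note that the check compares the floor of each declared range, not the installed version; pairing it with the lockfile or `node_modules` evidence would catch a manifest that declares a compliant range but resolves to an older install.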