Overall Risk Score
78
Scale: 0 (high risk) → 100 (low risk)
Summary
- Change management approvals observed in 84% of PRs (CC8.1).
- CI pipeline enforces SAST and unit tests (CC6.6).
- Incident retrospectives documented in Slack (CC9.2).
Mapped Controls (sample)
| Control | Evidence | Finding |
| --- | --- | --- |
| SOC2 CC8.1 | PR #4321 with 2 approvals | Meets policy |
| SOC2 CC6.6 | CI: SAST pass, coverage 86% | Meets policy |
| SOC2 CC7.2 | Jira: Threat modeling ticket | Needs consistency |
| SOC2 CC9.2 | Slack: Incident postmortem | Meets policy |
Remediation (next best actions)
- Enforce required approvals through branch protection on protected branches (raise approval coverage from 84% to 100%).
- Automate threat modeling checklist in Jira (project template).
- Export CI artifacts to evidence store weekly.
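How the CC8.1 approval coverage figure and the "raise to 100%" remediation can be checked from PR metadata, as an added example that is not part of the sample report or any vendor's code. The PR record fields, the reviewer names and the two-approval threshold are assumptions; the PR data is constructed for illustration. Beyond counting approvals, it applies the two checks a practitioner wants before accepting an approval as evidence: the approval must not be the author's own, and it must postdate the last push, since a stale approval on earlier commits does not cover the code that was merged.

```python
"""Added example (not from the sample report): compute CC8.1 approval
coverage over PR records and list PRs that fail the approval policy."""
from dataclasses import dataclass, field
from datetime import datetime

# Assumed policy threshold: two valid approvals per merged PR.
MIN_APPROVALS = 2


@dataclass
class Review:
    reviewer: str
    approved_at: datetime


@dataclass
class PullRequest:
    number: int
    author: str
    last_push_at: datetime  # time of the final commit pushed before merge
    reviews: list = field(default_factory=list)


def valid_approvals(pr: PullRequest) -> list:
    """Approvals that count as change-management evidence.

    Excludes self-approval and approvals given before the last push,
    which is what 'dismiss stale reviews' enforces on a protected branch.
    """
    return [
        r for r in pr.reviews
        if r.reviewer != pr.author and r.approved_at >= pr.last_push_at
    ]


def meets_policy(pr: PullRequest) -> bool:
    return len(valid_approvals(pr)) >= MIN_APPROVALS


def approval_coverage(prs: list) -> tuple:
    """Return (percent of PRs meeting policy, numbers of failing PRs)."""
    if not prs:
        return 0.0, []
    failing = [pr.number for pr in prs if not meets_policy(pr)]
    pct = round(100 * (len(prs) - len(failing)) / len(prs), 1)
    return pct, failing


def ts(h: int, m: int) -> datetime:
    return datetime(2024, 1, 15, h, m)


# Constructed sample data: five merged PRs with varying review histories.
SAMPLE_PRS = [
    # Two independent approvals after the last push: compliant.
    PullRequest(1, "alice", ts(10, 0), [Review("bob", ts(10, 30)), Review("carol", ts(10, 45))]),
    # One approval is stale (given before the final push): non-compliant.
    PullRequest(2, "bob", ts(12, 0), [Review("alice", ts(11, 0)), Review("carol", ts(12, 30))]),
    # Self-approval ignored, but two other approvals remain: compliant.
    PullRequest(3, "carol", ts(9, 0), [Review("carol", ts(9, 10)), Review("alice", ts(9, 20)), Review("bob", ts(9, 30))]),
    # Only one approval: non-compliant.
    PullRequest(4, "dave", ts(14, 0), [Review("alice", ts(14, 10))]),
    # Two fresh approvals: compliant.
    PullRequest(5, "alice", ts(15, 0), [Review("bob", ts(15, 5)), Review("dave", ts(15, 6))]),
]

if __name__ == "__main__":
    pct, failing = approval_coverage(SAMPLE_PRS)
    print(f"CC8.1 approval coverage: {pct}%; non-compliant PRs: {failing}")
```

The failing PR numbers are what a report would cite as remediation targets; once branch protection requires two approvals and dismisses stale reviews, `approval_coverage` over newly merged PRs should return 100.0 with an empty list.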
This is a sample; real reports include clickable citations to the original artifacts and deltas over time.