5 Key Questions for Auditing and Compliance: Who Made Changes to Your IP?
(Second post in a five-part series on auditing and compliance)
Continuing this series of how to answer 5 key questions for auditing and compliance, let's look at how to report on who made changes to your IP.
Perforce's reporting tools include the user information, so it's easy to see who made a particular change.
p4 changes -l //gwt/trunk/... Change 12111 on 2012/09/24 by rdefauw@git-fusion-trunk my first change today Imported from Git Author: rdefauw <firstname.lastname@example.org> 1348507341 -0600 Committer: rdefauw <email@example.com> 1348507341 -0600 sha1: e379f33c189c5f95a368cab365b1e842e7f6d103
Of course Perforce has graphical tools like Time-lapse View that present this information in an easy to digest format for casual use. Time-lapse view is based on p4 annotate, which lets you drill down to see who changed particular lines of a file.
And here's where Git Fusion solves a major headache for Git auditing and compliance. Git Fusion maps Git identities back to known and trusted Perforce identities. Multiple SSH keys per user? No problem - we'll map those back to a single known Perforce identity. Do you allow anonymous commits from Git? We'll at least record the known user who pushed the change into Perforce, and record the unverified Git author information. If you'd rather reject anonymous commits, we'll let you enforce that policy easily.
As I mentioned in an earlier post, Perforce and Git Fusion provide solid audit logs that even let you record who was pushing and pulling to and from your Git repositories. So you can see not only who was changing your data, but who was reading it as well.
Stay tuned to the Perforce blog for more information on how Git Fusion solves your Git auditing and compliance needs.
Read Part 1 of the series: When Did the Changes Happen?
To learn more about IP security and the America Invents act in read IP Security: Covering Your Bases in a Global Development Environment.