by jerdthenerd 724 days ago
I'm genuinely not sure how other companies do this... But how is your team handling SOX controls WITHOUT at least one DevOps person?

I work at a medium-sized, publicly traded company and our SOX compliance controls would take literal months to generate and/or prove to auditors without our CI/CD pipelines. It's just an extract from GH Actions with a report of who modified, who approved, and who actually pushed to main. All of these actions must be siloed (if you can commit to repo, you cannot push to main).

Potentially this is a consequence of microservice infra; my team alone manages nearly 25 separate git repositories.
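
The siloing rule described in the comment above, as an added example (not the commenter's code and not a GitHub export format): a segregation-of-duties check over per-change records of who modified, who approved, and who pushed to main. The record fields, repository names, logins and SHAs are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real audit data): one row per change that reached main.
CHANGES = [
    {"repo": "billing-api", "sha": "a1f3c9e", "author": "alice", "approver": "bob", "pusher": "release-bot"},
    {"repo": "billing-api", "sha": "7d20b14", "author": "carol", "approver": "Carol", "pusher": "release-bot"},
    {"repo": "ledger-svc", "sha": "c44e0aa", "author": "dave", "approver": "alice", "pusher": "dave"},
    {"repo": "ledger-svc", "sha": "09be713", "author": "erin", "approver": None, "pusher": "release-bot"},
    {"repo": "ledger-svc", "sha": "5f6a2d0", "author": "frank", "approver": "dave", "pusher": "erin"},
]


def _login(value):
    # Logins are compared case-insensitively; a missing value becomes "".
    return (value or "").strip().lower()


def sod_violations(changes):
    """Return sorted (repo, sha, finding) tuples for each segregation-of-duties failure."""
    # First pass: everyone who has authored a change in a repo counts as a committer there.
    committers = defaultdict(set)
    for c in changes:
        committers[c["repo"]].add(_login(c["author"]))

    findings = []
    for c in changes:
        author, approver, pusher = (_login(c.get(k)) for k in ("author", "approver", "pusher"))
        key = (c["repo"], c["sha"])
        if not approver:
            findings.append(key + ("missing approval",))
        elif approver == author:
            findings.append(key + ("self-approved",))
        if pusher == author:
            findings.append(key + ("author pushed own change",))
        elif pusher in committers[c["repo"]]:
            # The silo rule: an identity that commits to the repo must not push to main.
            findings.append(key + ("pusher also commits to this repo",))
    return sorted(findings)


if __name__ == "__main__":
    for repo, sha, finding in sod_violations(CHANGES):
        print(f"{repo}\t{sha}\t{finding}")
```

Run across many repositories, the non-empty result is the exception list; an empty result for the audit period is the evidence that the roles stayed separated.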