Why Code Tests Matter
Security compliance frameworks like SOC 2 require that your source code is handled with care — especially when it comes to how changes are made and reviewed. This means ensuring that:
Only authorized users can push code
Every code change is reviewed by another team member
Sensitive repositories are private and access-controlled
ComplyJet helps you stay on top of these requirements by automatically running a set of code tests across all in-scope repositories.
What You’ll See
The Code Tests page shows a list of checks we run against the repositories you scoped earlier. These include tests like:
Are protected branches configured?
Are PRs reviewed before merging?
Are the repositories private?
Are commit authors and reviewers different?
Each test is mapped to one or more framework controls — helping you generate real evidence of secure code management.
Fixing Failing Tests
Your goal here is simple: review all tests, focus on the ones in a failing state, and fix the issues using the guidance provided.
Click on any test to open its detailed view. You’ll see:
What the test is checking
When it was last run
Which repositories it ran on
Why it failed
For example, a test might report that GitHub repositories do not require at least one approved pull request before merging into the main branch. This results in a failing state because it means code can be merged without peer review — which goes against best practices and compliance requirements. Below the result, you'll find step-by-step remediation instructions — such as how to update branch protection rules in GitHub to enforce mandatory code reviews before merging.
Once the issue is resolved, click Trigger Run to verify. If everything looks good, the test will move to a passing state.
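The checks listed above can also be reproduced by hand against GitHub REST API data. The sketch below is an added example, not ComplyJet's own code: the check names, the simplified merged-PR shape and the sample repositories are assumptions constructed for illustration, and it runs offline on that sample data.

```python
# Added example: audits constructed GitHub REST API data offline.
# "private", "required_pull_request_reviews" and
# "required_approving_review_count" are real GitHub response fields;
# the check names and the merged-PR shape are hypothetical.

def audit_repo(repo, protection, merged_prs):
    """Return the names of the failing checks for one repository.

    repo       -- repository object from GET /repos/{owner}/{repo}
    protection -- GET .../branches/{branch}/protection body, or None on 404
    merged_prs -- [{"author": str, "approvers": [str, ...]}, ...]
    """
    failures = []
    if not repo.get("private", False):
        failures.append("repository_private")
    if protection is None:
        # Unprotected branch: a review requirement cannot exist either.
        failures += ["protected_branch", "required_review"]
    else:
        reviews = protection.get("required_pull_request_reviews") or {}
        if reviews.get("required_approving_review_count", 0) < 1:
            failures.append("required_review")
    # A change counts as reviewed only if someone other than its author approved.
    if any(not set(pr["approvers"]) - {pr["author"]} for pr in merged_prs):
        failures.append("author_reviewer_differ")
    return failures

# Constructed sample data (not real repositories or users).
SAMPLES = {
    "payments-api": (
        {"private": True},
        {"required_pull_request_reviews": {"required_approving_review_count": 1}},
        [{"author": "alice", "approvers": ["bob"]}],
    ),
    "infra-scripts": (
        {"private": True},
        {"required_pull_request_reviews": {"required_approving_review_count": 0}},
        [{"author": "carol", "approvers": []}],
    ),
    "docs-site": ({"private": False}, None, []),
}

def audit_all(samples=SAMPLES):
    return {name: audit_repo(*data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, failed in audit_all().items():
        print(name, "PASS" if not failed else "FAIL: " + ", ".join(failed))
```

A review count of 0 on a protected branch still fails the review check, which matches the failing case described above: a protection rule exists, yet code can be merged without an approval.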
Keep It Passing
These code-level checks are a key part of your compliance posture. They not only reduce risk but also act as automated, audit-ready evidence. We recommend reviewing this page periodically and especially before major milestones.