4

I'd like to consider migrating from Subversion to Git for my source control but my company is bound by SOX compliance.

Has anyone successfully implemented Git in a SOX compliant environment and if so could you elaborate on any of the potential pitfalls?

Thanks

Paul

3 Answers

2

There are products on the market (e.g. http://GitEnterprise.com) that help in providing additional audit-trail capabilities. Even though those are not enough for producing a fully compliant SOX report, they provide the minimal ICT security requirements needed by companies that require SOX compliance (e.g. finance, banks, industries working on payments).

See https://gitent-scm.com/gitent/doc/GitEnterprise/Auditing.html

Hope this helps.

Luca.

lucamilanesio
2

Only your organisation and its processes can be SOX-compliant. If you're asking whether Git can be used to implement a version control/software development process which is SOX-compliant, you should clarify your question and provide links/information to the aspects of compliance (I assume you're referring to security/access control) which you're interested in instituting, if possible.

That having been said, since Git operates using a secure protocol (SSH), gives you a high degree of confidence in the integrity of a repo's contents (due to commit and tree SHA1 hashes), and can implement granular access controls (using e.g. Gitolite), the answer to your question is most likely ‘yes’.

urschrei
Thanks for the info, I've been told there could be security issues with backup for internal Git repositories so I wondered if there was anyone out there who is actually using Git in a SOX compliant company. – Paul Harrington Jan 06 '11 at 09:06

Could you be more specific about the security issues, maybe amend your original question with them? – urschrei Jan 06 '11 at 11:01
-1

I don't see why not; they both can be configured to send and receive data via the same protocol (SSH).

igorgue
Because git allows users to rewrite history, which is a common workflow in rebasing and squashing. Additionally, users can blame/credit commits under any email they like. SVN uses (by default) hooks to disable history changes (revprops) and ties each commit to the authenticated user. – Eddie Dec 14 '15 at 16:53
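The two audit-trail gaps raised in this thread, rewritable history and commits credited to any email, are the ones a server-side hook can close, as an added example that is not code from the thread, GitEnterprise or Gitolite: a pre-receive hook that keeps protected branches append-only (no deletion, fast-forward only) and requires every commit a push introduces to carry the committer email registered for the authenticated pusher. The `GL_USER`/`REMOTE_USER` variables, the user-to-email allowlist and the protected-branch pattern are assumptions you would adapt to your own setup.

```shell
#!/bin/sh
# Constructed pre-receive hook. Git feeds it one "oldrev newrev refname" line per
# updated ref; a non-zero exit rejects the whole push. Assumes the authenticated
# pusher's username is in $GL_USER (Gitolite) or $REMOTE_USER (HTTP front ends).

ZERO_REV=0000000000000000000000000000000000000000
# Constructed allowlist: authenticated username -> committer email that user may use.
USER_EMAILS="alice alice@example.com
bob bob@example.com"
# Refs whose published history is append-only: no deletion, fast-forward updates only.
PROTECTED_PATTERN='^refs/heads/(master|main|release/.*)$'
is_zero_rev() { [ "$1" = "$ZERO_REV" ]; }
is_protected_ref() { printf '%s\n' "$1" | grep -Eq "$PROTECTED_PATTERN"; }
# Print the email registered for a username; prints nothing for an unknown user.
email_for_user() { printf '%s\n' "$USER_EMAILS" | awk -v u="$1" '$1 == u { print $2; exit }'; }

# Validate one ref update: returns 0 to accept, 1 to reject with the reason on stderr.
check_update() {
  oldrev=$1; newrev=$2; refname=$3; pusher=$4
  if is_protected_ref "$refname"; then
    if is_zero_rev "$newrev"; then
      echo "rejected: deleting $refname is not permitted" >&2; return 1
    fi
    if ! is_zero_rev "$oldrev" && ! git merge-base --is-ancestor "$oldrev" "$newrev"; then
      echo "rejected: non-fast-forward update of $refname rewrites published history" >&2; return 1
    fi
  fi
  is_zero_rev "$newrev" && return 0   # deleting an unprotected ref introduces no commits
  expected=$(email_for_user "$pusher")
  [ -n "$expected" ] || { echo "rejected: no committer email registered for '$pusher'" >&2; return 1; }
  # Commits not reachable from any existing ref are exactly those this push introduces;
  # each must carry the committer identity of the authenticated pusher.
  for c in $(git rev-list "$newrev" --not --all); do
    actual=$(git log -1 --format=%ce "$c")
    [ "$actual" = "$expected" ] && continue
    echo "rejected: $c committed as <$actual>, but '$pusher' is registered as <$expected>" >&2
    return 1
  done
  return 0
}

# Git exports GIT_DIR when it runs hooks; when sourced elsewhere only the functions load.
if [ -n "$GIT_DIR" ]; then
  pusher=${GL_USER:-${REMOTE_USER:-unknown}}; status=0
  while read -r oldrev newrev refname; do
    check_update "$oldrev" "$newrev" "$refname" "$pusher" || status=1
  done
  exit "$status"
fi
```

Install it as `hooks/pre-receive` in the bare server repository; the rejection reasons are echoed back to the pusher and can be logged alongside the authenticated username for the audit record.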