Deployment Review Rules
Deployment rules act as the final checkpoints before code reaches production, enforcing review policies, time windows, and scope-based approvals.
ID | Title | Description | Significance | Severity |
---|---|---|---|---|
D1 | No Self-Review for Deployments | Deployments must be reviewed by someone other than the requestor | SOC-2 (Audit Readiness) | critical |
D2 | No Deployment Review Bypass | Deployment reviews cannot be bypassed or skipped | SOC-2 (Audit Readiness) | critical |
D3 | Deployment Must Reference PR | Every deployment must reference the pull request it originated from | SDLC Compliance | high |
D4 | Sensitive Deployments Require Approval | Deployments touching sensitive systems (e.g., auth, payments) must be approved | SOC-2 (Audit Readiness) | critical |
D5 | Deployment Window Enforcement | Deployments to production must occur within approved time windows | Incident Management Policy | medium |