Demo: Improving data security with custom fields in scorecards

Check out the 4-minute video or read on:

Scorecards are a powerful tool to manage your organization's DevOps health practices. Scorecards track key indicators that reveal underlying issues, allowing you to efficiently triage problems and even work to prevent future incidents.

Custom fields make these scorecards even more powerful by letting you capture anything you deem important, whether that’s an internal process or an external tool. This flexibility ensures that no item is left unattended when it comes to the health of your software architecture.

In this example, we’ll track data security requirements for services that hand Personally Identifiable Information (PII).

The health overview page

In addition to powerful built-in metrics, we’ve created the “Data Security: PII” scorecard to track criteria related to any component that handles PII. This scorecard leverages a label called data:pii to automatically associate the relevant component, and custom fields to enforce PII-specific scoring criteria.

The Data Security: PII scorecard

Within the scorecard, Compass shows 3 services linked with the data:pii label. Using custom fields, 3 unique PII criteria are included to ensure that privacy is registered and the proper encryptions are in place. This is not an exhaustive list, but shows some of the basic criteria you might choose to include in a similar application.

Unfortunately, one of these services is not up to par!

Scorecards reveal specific criteria that are failing to help us understand immediate and potential issues. In this case, the id-gatekeeper service is missing the proper encryption criteria. With Compass, we know exactly what’s affected when we send out that urgent Slack message or create a new issue for the backlog.

The possibilities are limitless! What will you track in scorecards using custom fields? Share your ideas and use cases in the comments below.

Learn how to customize your scorecards today.