The sponsor wants to ensure that no employees are violating the code confidentiality agreements with their customers. A continuously running application will achieve this by scanning the company’s private code base and comparing it to the content of public commits originating from employee accounts. If any unauthorized private code has made it into a public repository, alerts will be triggered, flagging the offending repositories and the user who contributed the code in a web portal.
Tracked repositories can vary in terms of which branches are important, which users have access, and whether the client has authorized making their code public. When comparing code, there may be files (like licenses) that are likely to be flagged but have no confidential content. Therefore, it will be necessary to provide an interface for configuration on a repo-by-repo basis.
The interface will contain various configuration and reporting functionality. Admins will be able to review any code that has been flagged by our application. If they believe that the code has been flagged erroneously, they can tag it as a false positive, and the system will remember that action. The system may also display a metric to show how similar it believes the two matching code blocks are and have thresholds for the confidence of code similarity before flagging.
The sponsor would like the finished application to be developed in a Docker container and deployed to their AWS instance. The programming language(s) and the majority of the tech stack we use are left to our discretion.