Oddbean new post about | logout
 What about this? https://audgit.ai/ 
 Auditing the code is not enough, we would need to audit the state of the server since most of these servers allow ssh access the state of the system can be changed at any time by an operator. 
 An even further issue is that in the case of allowing an auditor in, it would expose secrets as well. 
 This is cool, but yeah, it’d have to be combined with something to audit to deployment as well.