Pull Requests Without Associated Issues

This compliance check detects pull requests whose title and description don't reference a Jira issue. Linking PRs to issues ensures all code changes are traceable to authorized work items.

What It Detects

Dike searches both the PR title and description for Jira issue key patterns (e.g., PROJ-123). If no issue key is found in either location, a violation is created.

Examples of PRs that trigger violations:

Title: Fix authentication bug, Description: Fixed the login timeout issue
Title: Update React version, Description: Bump to React 18
Title: Refactoring, Description: (empty)

Examples of compliant PRs:

Title: PROJ-123: Fix authentication bug
Title: Fix login issue, Description: Resolves PROJ-456
Title: [PROJ-789] Update dependencies

Two Check Versions

Dike offers two versions of this check:

Pattern-only check (missing-issue-key-pattern): Searches PR title and description for issue key patterns using regex (default: [A-Z]+-[0-9]+). This version does not verify whether the issue actually exists in Jira. Use this when your organization has multiple Jira instances and Dike may not have access to all of them.
Issue existence check (missing-issue): Verifies that the referenced issue actually exists in the Jira instance where Dike is installed. This catches typos like PROJ-9999 when that issue doesn't exist, but only works for issues in the connected Jira instance.

Why It Matters for SOC2

SOC2 requires that all changes to production systems are authorized, documented, and traceable. This check addresses several key controls:

CC6.1 - Logical and Physical Access Controls: Code changes represent logical access to systems. Linking PRs to issues proves the change was authorized through your issue tracking system.
CC6.6 - Change Management Process: All changes must follow a defined process. The PR-to-issue link demonstrates the change went through proper channels.
CC8.1 - Change Documentation: Changes must be documented. Issue references provide the documentation trail auditors need.

Pull requests are often the last gate before code reaches production. Missing issue references break the audit trail, making it impossible to prove authorization during compliance reviews.

How to Resolve Violations

Review the PR to verify the changes are not malicious or unauthorized.
Close the violation in Dike once you've confirmed the PR is legitimate.

For PRs that are genuinely problematic, consider reverting the merge and re-applying through proper channels with appropriate issue references.

Preventive Measures

PR templates: Configure your repository with PR templates that include issue key fields:
```
## Related Issue
Fixes PROJ-XXX

## Description
...
```
Branch naming conventions: Name branches with issue keys (e.g., feature/PROJ-123-user-auth). Many teams configure automation to extract issue keys from branch names.
GitHub Actions: Add a workflow that checks for issue references before allowing merge.

Configuration Options

Rule Configuration

name: PR without issue reference
trigger: pr_merged
status: enabled
priority: medium
conditions:
  - type: missing-issue-key-pattern
    operator: matches
    value: "[A-Z]+-[0-9]+"
actions:
  - type: create-violation
    severity: medium
branchPatterns: []

Configurable Parameters

Parameter	Description	Default
`trigger`	When to evaluate: `pr_merged`, `pr_created`	`pr_merged`
`value` (pattern)	Regex pattern for matching issue keys	`[A-Z]+-[0-9]+`
`severity`	Violation severity level	`medium`
`branchPatterns`	Target branches (empty = all)	`[]`
`status`	Rule status: `enabled`, `disabled`, `warning`	`disabled`

Trigger Options

pr_merged: Check when PRs are merged (catches violations at merge time)
pr_created: Check when PRs are created (enables early feedback)

Using pr_created allows teams to catch missing references early, while pr_merged ensures nothing slips through to the main branch.

Issue Existence Check

To verify that referenced issues actually exist in Jira (not just match a pattern):

conditions:
  - type: missing-issue
    operator: equals
    value: true

This uses the Jira API to confirm the issue exists. Note that this only validates issues in the Jira instance where Dike is installed. For organizations with multiple Jira instances, use the pattern-only check instead.

Commits Without Issues - Similar check for individual commits
PRs Without Approvals - Ensures proper review process

What It Detects​

Two Check Versions​

Why It Matters for SOC2​

How to Resolve Violations​

Preventive Measures​

Configuration Options​

Rule Configuration​

Configurable Parameters​

Trigger Options​

Issue Existence Check​

Related Checks​