Governance your platform team will actually sign off on.
Quality gates enforced inside the Spark run, contracts that block bad schema before it burns compute, and an audit trail behind every action. Compliance as a property of the pipeline, not a spreadsheet.
Quality gates, in-engine
Nine rule types — uniqueness, not-null, accepted values, regex, freshness and more — enforced inside the Spark run itself, with a structured per-rule report on every run, pass or fail.
Data contracts & drift radar
The schema-drift radar continuously diffs pipeline expectations against the live source. Contract gates block a run before it spends compute when the upstream schema breaks.
SSO & role-based access
OIDC with PKCE, JWKS validation and group-to-role mapping. Admin, operator and viewer roles with project-scoped memberships — one identity provider, least-privilege by default.
Encrypted secrets
Connection credentials are encrypted at rest with AES-256-GCM and masked in every API response, log line and audit record. Nothing is stored or shown in the clear.
Complete audit trail
Every operational and admin action is recorded — who ran what, who changed which config, who merged which branch. Per-tenant, exportable, ready for your next audit.
GitOps promotion
Pipelines promote through Git artifacts with contract gates and rollback metadata. Pull requests — not dashboards — are the source of truth for what runs in production.