This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated Sep 16, 2019 — DevOps Expert

Establish an Immutable Chain of Custody for Software Releases

As any bread baker knows, there are four fundamental ingredients to any loaf: flour, yeast, water, and salt. Software delivery, like a great loaf of bread, requires a solid structure to ensure that what comes out of the oven tastes good every time. And good software is not just about a nice-looking package; it has to be secure as well. This series focuses on the four key ingredients needed to bake security and compliance into your software delivery processes.

We discussed ingredients 1 and 2 in prior posts. Now for ingredient 3:

Establish an immutable chain of custody for all releases

Shifting security and compliance left and integrating automated security and compliance checks throughout the software delivery process gives you access to more release data than ever before. One way to get value from this data is to automatically create a software chain of custody for every release that happens.

A software chain of custody is the trail of detailed, immutable proof of what happened, when it happened, and who made it happen for each and every step in each and every release process, from beginning to end. Automatically capturing a chain of custody for every release:

  • Enables both technical and business stakeholders to track the features in each release as they move from code to Production
  • Helps stakeholders ensure that all required security, compliance, and quality checks are built into the process
  • Proves that teams are successfully completing those checks while release processes run, and captures information about why checks might be skipped
  • Gives audit teams all of the information they need, at a glance, whenever they need it

After a release is out the door, an immutable software chain of custody ensures that teams can fully satisfy audit and regulatory requirements, without digging through hard-to-interpret log data, trying to correlate information from disparate tools, or scrambling to discover what’s running in Production. In addition, the chain of custody can help teams continuously improve by identifying security and compliance gaps in the pipeline—whether that means missing steps, steps that regularly fail or are skipped, or manual steps that can be automated.
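The record described above (what happened, when, and who made it happen, per step) can be made tamper-evident by linking each entry to the hash of the one before it. The following is an added example, not code from the original post or from XebiaLabs; hash chaining is one assumed way to get immutability, and the field names, step names and sample release are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first record

def record_digest(record):
    """SHA-256 over every field except the record's own hash."""
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_step(chain, release, step, actor, timestamp, status, reason=None):
    """Append one step (what, when, who) linked to the previous record."""
    record = {"release": release, "step": step, "actor": actor,
              "timestamp": timestamp, "status": status, "reason": reason,
              "prev": chain[-1]["hash"] if chain else GENESIS}
    record["hash"] = record_digest(record)
    chain.append(record)
    return record

def verify_chain(chain):
    """Return the index of the first record that fails, or None if intact."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or rec["hash"] != record_digest(rec):
            return i
        prev = rec["hash"]
    return None

def audit_gaps(chain, required_steps):
    """Report required steps never recorded, and steps that did not pass."""
    seen = {rec["step"] for rec in chain}
    missing = [s for s in required_steps if s not in seen]
    not_passed = [(r["step"], r["status"], r["reason"])
                  for r in chain if r["status"] != "passed"]
    return missing, not_passed

# Constructed policy and sample release, for illustration only.
REQUIRED = ["build", "static-analysis", "dependency-scan",
            "pen-test-signoff", "deploy-production"]

def build_sample_chain():
    chain = []
    append_step(chain, "web-2.4.0", "build", "ci-bot", "2019-09-16T10:00:00Z", "passed")
    append_step(chain, "web-2.4.0", "static-analysis", "ci-bot", "2019-09-16T10:05:00Z", "passed")
    append_step(chain, "web-2.4.0", "dependency-scan", "alice", "2019-09-16T10:09:00Z",
                "skipped", "scanner outage, approved by release manager")
    append_step(chain, "web-2.4.0", "deploy-production", "bob", "2019-09-16T11:30:00Z", "passed")
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    print("first bad record:", verify_chain(chain))
    print("gaps:", audit_gaps(chain, REQUIRED))
```

A chain like this only proves integrity relative to its latest hash, so that hash has to be kept somewhere the pipeline's own operators cannot rewrite (for example signed, or written to write-once storage).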

XebiaLabs’ unique Software Chain of Custody reporting delivers crucial evidence about everything that happens in your software delivery pipeline, proving what happened, when it happened, where it happened, and who made it happen. With XebiaLabs, you can push a button and get a full release audit report in spreadsheet format, on demand.

We’ll be covering the remaining ingredient in an upcoming blog post. Or you can read about them all right now by downloading the white paper below. 
