Skip to main content
DevOps icon showing cogs

This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated Aug 12, 2019 — DevOps Expert

Get Automated Compliance and Hands-Free Governance with XebiaLabs’ Software Chain of Custody Reporting Capabilities


Welcome to Part 3 of "Who, What, Where?" a series of blog posts that offer advice and solutions for meeting compliance and security requirements as you develop software at enterprise scale. In this series, XebiaLabs experts cover everything you need to know to take the pain out of audit tracking and reporting. Check out Part 1 and Part 2 .


The software chain of custody provides evidence about everything that happens in your software delivery pipeline. Just as the chain of custody for a piece of evidence involved in a legal case proves that that evidence was handled properly, the software chain of custody proves what happened, when it happened, where it happened, and who made it happen. Without this information, it’s impossible to meet compliance and security requirements as you develop and deliver software at scale.

Organizations, especially those in highly regulated industries, spend an enormous amount of time, money, and resources producing governance reports about their release pipelines. Creating a single audit report, for example, typically takes a month, with teams spending hundreds of hours digging through log files and piecing together data from dozens of tools.

These reports are generally delivered late, and when completed, only include a partial picture of what happened across the release pipeline. On top of that, they almost never meet the organization’s compliance requirements. Additionally, the back and forth that occurs between Security, Compliance, Development, and DevOps teams diverts everyone from business-critical activities, such as creating new software.

These challenges mean that for most enterprises, audit and compliance reporting is either half-done or not done at all, because it’s mostly manual, it steals valuable resources away from Development, and it slows the pace of software delivery.

That changes now...

Introducing the First Push-Button Audit Report for the End-to-End Software Delivery Pipeline

The XebiaLabs DevOps Platform 9.0 release introduces the world’s first and only push-button audit report that covers all release activities in an enterprise’s software delivery pipeline, from end to end. Our release audit report provides evidence for every single manual and automated task in the software delivery process: who did what, when, where, and how.

XebiaLabs is in a unique position of orchestrating the DevOps toolchain, which allows us to capture data across all tools, provide the context of what’s going on, paint a picture of exactly what happened in each software release—and deliver it to users at the push of a button. 

Audit and Security teams can get the release audit report on demand in spreadsheet format. Development teams no longer have to cobble together evidence of what happened in a release. And business users get the data they need, in the right format, while being in control of the process.

“XebiaLabs provides seamless release orchestration across our DevOps pipeline and automates data collection. When auditors request release details—such as code reviews, QA team approvals, or recorded changes—our teams quickly and effectively pull the data from XebiaLabs. And the new Release Audit Report in v9.0 will make results more comprehensive and the process even easier.”

Robert Parry, DevOps Engineer, KeyBank

The XebiaLabs push-button Release Audit Report allows teams to quickly filter reports by date, folder, keywords, and more, and export information for one or many releases. 

Collect, Visualize, Report, Prove

XebiaLabs’ comprehensive software chain of custody, supported by the new release audit report, provides the platform you need for fast, secure, compliant software delivery.

And you’ll be able to prove it.

With XebiaLabs, you can:

  • Visualize and monitor the software chain of custody, in real time or in retrospect
  • Verify that security and compliance checks were run for each release, making IT audits faster and easier for everyone involved
  • Drill down into the chain of custody for any release and any task to understand and prove exactly what happened
  • Understand security and compliance risks early, so they can find and fix application vulnerabilities and IT governance violations during development
  • Easily identifybottlenecks, slow processes, pain points, and areas that need improvement or increased automation

Learn More


More from the Blog

View more
Ascension Launch Banner
Apr 26, 2022

Get ready for peak performance with’s newest AI-Powered DevOps Platform Ascension Release

Today, is excited to announce our latest AI-Powered DevOps ...
Read More
Jan 24, 2022 Value Stream Delivery for SAFe®: The key to amazing business outcomes

The Scaled Agile Framework (SAFe) is the world’s leading framework for ...
Read More
Dec 09, 2021

How SaaS and cloud-based solutions helped the U.S. Department of Veterans Affairs achieve digital transformation

Modernizing legacy systems was an ongoing goal for the U.S. Department ...
Read More
Nov 29, 2021

Increase velocity and reduce risk with AI and machine learning

Artificial Intelligence (AI) and machine learning (ML) have proven use ...
Read More
Contact Us