This post is from the XebiaLabs blog and has not been updated since the original publish date.
How a Release Chain of Custody Secures the Software Delivery Process
If you’ve ever watched Law & Order or read a John Grisham novel, you probably know how important it is to record the chain of custody for a piece of evidence in a legal case. The chain of custody doesn’t just detect and prevent evidence tampering; it also establishes that the evidence is actually related to the crime in question.
In the world of software delivery, a release’s chain of custody is equally important. It represents everything about a release at any given time: the release tasks that are involved, when those tasks were executed, and who executed them. Just as the chain of custody for a piece of evidence involved in a legal case proves that that evidence was handled properly, the chain of custody for a release proves what happened, when it happened, and who made it happen.
An accurate, visible chain of custody enables stakeholders across the organization to track features as they move from code to Production and to verify that required security, compliance, and quality checks are run during the release process. An immutable, detailed chain of custody is also crucial for completed releases because it ensures that teams can satisfy audit and regulatory requirements, even after the release is out the door and in Production.
Visualize the Release Chain of Custody with XebiaLabs
The XebiaLabs DevOps Platform secures the complete release chain of custody for all types of releases, from legacy applications running on-premises to next-gen apps running on public, private, or hybrid clouds. For example, the new deployment dashboard allows everyone involved in the software delivery process—developers, QA testers, release managers, and business stakeholders—to see who took action on a release, what action they took, and when they took that action.
The dashboard provides an advanced view of the entire deployment landscape: from applications and teams, to deployment tools and processes, to target environments both on-premises and in the cloud. It enables both technical and business stakeholders to:
- Monitor the release chain of custody in real time, including what is being deployed, who is deploying it, and deployment status—no matter what deployment tools are being used, or what type of environments are being targeted
- Drill down into the chain of custody for completed releases to identify slow processes, bottlenecks, pain points, and areas for improvement and increased automation
- See exactly which version of each application is deployed to each environment and track it back to which features are part of each application version, eliminating confusion for all stakeholders
- Identify security and compliance problems as soon as they are introduced thanks to automatic trend analysis
- Verify the security and compliance checks that were run for each release, making IT audits faster and easier for everyone involved
- Shift security and compliance concerns left, so teams can fix application vulnerabilities and IT governance violations during the development phase of the software delivery process
- Filter release and deployment information based on team, project, application, environment, target technology—whatever makes sense for your organization