Skip to main content

This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated Jan 16, 2019 — DevOps Expert

How a Release Chain of Custody Secures the Software Delivery Process


If you’ve ever watched Law & Order or read a John Grisham novel, you probably know how important it is to record the chain of custody for a piece of evidence in a legal case. The chain of custody doesn’t just detect and prevent evidence tampering; it also establishes that the evidence is actually related to the crime in question.

In the world of software delivery, a release’s chain of custody is equally important. It represents everything about a release at any given time: the release tasks that are involved, when those tasks were executed, and who executed them. Just as the chain of custody for a piece of evidence involved in a legal case proves that that evidence was handled properly, the chain of custody for a release proves what happened, when it happened, and who made it happen. An accurate, visible chain of custody enables stakeholders across the organization to track features as they move from code to Production and to verify that required security, compliance, and quality checks are run during the release process. An immutable, detailed chain of custody is also crucial for completed releases because it ensures that teams can satisfy audit and regulatory requirements, even after the release is out the door and in Production.

Visualize the Release Chain of Custody with XebiaLabs

The XebiaLabs DevOps Platform secures the complete release chain of custody for all types of releases; from legacy applications running on-premises to next-gen apps running on public, private, or hybrid clouds. For example, the new deployment dashboard allows everyone involved in the software delivery process—developers, QA testers, release managers, and business stakeholders—to see who took action on a release, what action they took, and when they took that action.The dashboard provides an advanced view of the entire deployment landscape: from applications and teams, to deployment tools and processes, to target environments both on-premises and in the cloud. It enables both technical and business stakeholders to:
  • Monitor the release chain of custody in real time, including what is being deployed, who is deploying it, and deployment status—no matter what deployment tools are being used, or what type of environments are being targeted
  • Drill down into the chain of custody for completed releases to identify slow processes, bottlenecks, pain points, and areas for improvement and increased automation
  • See exactly which version of each application is deployed to each environment and track it back to which features are part of each application version, eliminating confusion for all stakeholders
  • Identify security and compliance problems as soon as they are introduced thanks to automatic trend analysis
  • Verify the security and compliance checks that were run for each release, making IT audits faster and easier for everyone involved
  • Shift security and compliance concerns left, so teams can fix application vulnerabilities and IT governance violations during the development phase of the software delivery process
  • Filter release and deployment information based on team, project, application, environment, target technology—whatever makes sense for your organization

Learn More

Need more evidence? Check out these resources:

More from the Blog

View more
Feb 22, 2021

Reckoning DevOps’ role in the enterprise value stream

If you’re a software or digital solutions company, you may use DevOps ...
Read More
Feb 10, 2021

Customer spotlight: Schneider avoiding bumps in the road with DevOps adoption

Everyone wants to deliver software faster and more reliably. Companies ...
Read More
Jan 06, 2021

How testing automation can build a culture of QA while accelerating continuous delivery

An organization’s level of automated test coverage is quickly emerging ...
Read More
Jul 30, 2020

Part 2: Is Technology Slowing Down Your Digital Transformation?

In part one of this post, we shared insights from Andreas Prins’ webin ...
Read More
Contact Us