IBM Cloud Docs
Data included in change requests

Data included in change requests

The reference implementation standardizes how a change request is populated in the following sections:

  • Description & Plan
  • Change Tasks
  • Rollback

The change request is populated with content to simplify a compliance audit. It points to the key evidence that is generated by the continuous integration and continuous deployment process. It discloses the minimum set of information that is required; more details can be retrieved from durable storage when needed. For example, the change request contains references to scan logs, but not the actual logs. It also contains the reference to the build BOM, but not the build BOM itself.

Description and plan section

The content of the Description and Plan section is organized in the following way:

  • CI INVENTORY COMMIT URL The pointer to the Git commit ID that represents your continuous integration inventory. The continuous integration inventory contains information about the code level to be deployed and the artifacts with their signature and checksums to be deployed with this change request.

  • CHANGE LOG The list of all of the commit IDs and the description that is included in the code level to be deployed.

Git changelog for mymicroservice:

Git changelog of artifact '"uk.icr.io/mycontainerregistrynamespace/   mymicroservice:devsecops-pipeline4@sha256:733e74a13ad26d77a741204bcdc9c5f8f77023b26620ddaa7842d29b600014a0"'  

COMMITS:
94de4256c346c00fee9fd5f7bbfb114ed4da7c81 - implemented myfunction
  • PULL REQUESTS
mymicroservicerepo: <PR #> - (Merge pull request #15 implemented myfunction)
  • TEST AND SCANS RESULTS No issues are found if no failures are reported in the evidence summary or the list of failed IDs. For example, com.ibm.cloud.image_vulnerability_scan: failed; com.ibm.unit_tests: failed), with the abstract of the issues opened so that the approver can view details about what is failing.

Additional attachments

The change requests include attachments for the evidence summary, the deployment BOM, and the closing summary.

  • Evidence summary Contains the key information about test and scan results, and the issues that were created while you were running them. The entries in the evidence summary are a reformatted version of the summary.json file.

  • Deployment BOM A list of all of the artifacts, together with their digital signature or checksum that is transferred into the target environment to successfully run the deployment.

  • Closing summary The summary of all of the evidence that relates to the current deployment when the change request is closed.

Rollback

The rollback section provides the following information:

  • The version to roll back to.
  • The steps to follow if the rollback includes more than just the deployment of the previous version.