IBM Cloud Docs
Gathering evidence for inventory

copyright: years: 2024, 2024 lastupdated: "2024-10-08"

subcollection: devsecops


Gathering evidence for inventory

When you are going through an audit, you must provide evidence that your development and production environments are meeting the criteria in the regulatory standards that you claim compliance with.

Before you begin

Before you can start gathering evidence, be sure that you have the following prerequisites:

Viewing inventory commit details

If your auditor requests proof of change logs, you can use the following steps to create a screen capture of your configuration.

  1. In the IBM Cloud console, click the Menu icon Menu icon > Platform Automation > Toolchains, and select the toolchain for which you want to provide evidence.
  2. In the Delivery pipelines section on the Overview tab, click cd-pipeline. A list of triggers is displayed.
  3. Click the Manual CD Trigger to view the previous pipeline runs.
  4. Select a specific cd-pipelinerun on the Pipeline runs page. The details of the run open.
  5. From here, click the deploy-release stage then click the run-stage step to display the corresponding logs.
  6. Search for "Inventory successfully updated" in the logs to view all the inventory commits.

The commit URL doesn't direct you to the inventory repository.

Providing evidence of inventory updates during CI pipeline execution

  1. In the IBM Cloud console, click the Menu icon Menu icon > Platform Automation > Toolchains, and select the toolchain for which you want to provide evidence.

  2. In the Delivery pipelines section on the Overview tab, click ci-pipeline. A list of triggers is displayed.

  3. Click a Git or Manual trigger to view the previous pipeline runs.

  4. Select ci-pipelinerun on the Pipeline runs tab. The details of the run open.

  5. Go to the Deploy release > Run stage tab.

  6. Search for "Inventory successfully updated" in the logs and view the inventory commits.

    The image shows an example of the screen capture that a user might provide to an auditor when you gather evidence for an audit.
    Figure. Example screen capture

Alternately, you can go to the inventory repository that captures the state of the baseline configuration, and go to the commit history to check for recent inventory commits.

Providing evidence of control updates

After every successful CI pipeline run, the inventory repository is updated.

To view evidence that the controls were updated as part of the pipeline run at the inventory level, you can go to the inventory repository and view the updates. For information about navigating to the repository, see Showing changes between branches in Git Repos and Issue Tracking.

To view evidence that the controls were updated at the pipeline level, you can use the following steps.

  1. In the IBM Cloud console, click the Menu icon Menu icon > Platform Automation > Toolchains, and select the toolchain for which you want to provide evidence.

  2. In the Delivery pipelines section on the Overview tab, click ci-pipeline. A list of triggers is displayed.

  3. Click a Git or Manual trigger to view the previous pipeline runs.

  4. Select ci-pipelinerun on the Pipeline runs tab. The details of the run open.

  5. Go to the Deploy release > Run stage tab.

  6. Verify the updates by searching for compliance. You see entries similar to the following snippet.

    1455 | INFO | 2024-02-27T07:12:29.671Z | add.command.ts:179:10 | Inventory successfully updated: https://github.ibm.com/jaunin-b/hello-compliance-inventory/commit/8e7bf9ed6b15af8603109575d9089032779a8de0
    1550 | DEBUG | 2024-02-27T07:12:31.763Z | api.ts:89:1 | get | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory: 200
    1550 | DEBUG | 2024-02-27T07:12:32.239Z | api.ts:89:1 | get | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory: 200
    1550 | DEBUG | 2024-02-27T07:12:32.659Z | api.ts:89:1 | get | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory/git/ref/heads/master: 200
    1550 | DEBUG | 2024-02-27T07:12:33.108Z | api.ts:89:1 | get | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory/contents/hello-compliance-app: 200
    1550 | DEBUG | 2024-02-27T07:12:37.087Z | api.ts:89:1 | put | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory/contents/hello-compliance-app: 200