copyright:
  years: 2024, 2024
lastupdated: "2024-10-08"
subcollection: devsecops
Gathering evidence for inventory
When you are going through an audit, you must provide evidence that your development and production environments are meeting the criteria in the regulatory standards that you claim compliance with.
Before you begin
Before you can start gathering evidence, be sure that you have the following prerequisites:
- Configured DevSecOps CI and CD pipelines that have successfully completed.
- The Viewer role or higher on the Continuous Delivery service. For more information, see Managing access for toolchains in resource groups.
Viewing inventory commit details
If your auditor requests proof of change logs, you can use the following steps to create a screen capture of your configuration.
- In the IBM Cloud console, click the Menu icon > Platform Automation > Toolchains, and select the toolchain for which you want to provide evidence.
- In the Delivery pipelines section on the Overview tab, click cd-pipeline. A list of triggers is displayed.
- Click the Manual CD Trigger to view the previous pipeline runs.
- Select a specific cd-pipelinerun on the Pipeline runs page. The details of the run open.
- From here, click the deploy-release stage, then click the run-stage step to display the corresponding logs.
- Search for "Inventory successfully updated" in the logs to view all the inventory commits.
The commit URL doesn't direct you to the inventory repository.
Providing evidence of inventory updates during CI pipeline execution
- In the IBM Cloud console, click the Menu icon > Platform Automation > Toolchains, and select the toolchain for which you want to provide evidence.
- In the Delivery pipelines section on the Overview tab, click ci-pipeline. A list of triggers is displayed.
- Click a Git or Manual trigger to view the previous pipeline runs.
- Select ci-pipelinerun on the Pipeline runs tab. The details of the run open.
- Go to the Deploy release > Run stage tab.
- Search for "Inventory successfully updated" in the logs and view the inventory commits.
Figure. Example screen capture
Alternatively, you can go to the inventory repository that captures the state of the baseline configuration, and check the commit history for recent inventory commits.
Providing evidence of control updates
After every successful CI pipeline run, the inventory repository is updated.
To view evidence that the controls were updated as part of the pipeline run at the inventory level, you can go to the inventory repository and view the updates. For information about navigating to the repository, see Showing changes between branches in Git Repos and Issue Tracking.
To view evidence that the controls were updated at the pipeline level, you can use the following steps.
- In the IBM Cloud console, click the Menu icon > Platform Automation > Toolchains, and select the toolchain for which you want to provide evidence.
- In the Delivery pipelines section on the Overview tab, click ci-pipeline. A list of triggers is displayed.
- Click a Git or Manual trigger to view the previous pipeline runs.
- Select ci-pipelinerun on the Pipeline runs tab. The details of the run open.
- Go to the Deploy release > Run stage tab.
- Verify the updates by searching for "compliance". You see entries similar to the following snippet.

    1455 | INFO | 2024-02-27T07:12:29.671Z | add.command.ts:179:10 | Inventory successfully updated: https://github.ibm.com/jaunin-b/hello-compliance-inventory/commit/8e7bf9ed6b15af8603109575d9089032779a8de0
    1550 | DEBUG | 2024-02-27T07:12:31.763Z | api.ts:89:1 | get | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory: 200
    1550 | DEBUG | 2024-02-27T07:12:32.239Z | api.ts:89:1 | get | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory: 200
    1550 | DEBUG | 2024-02-27T07:12:32.659Z | api.ts:89:1 | get | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory/git/ref/heads/master: 200
    1550 | DEBUG | 2024-02-27T07:12:33.108Z | api.ts:89:1 | get | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory/contents/hello-compliance-app: 200
    1550 | DEBUG | 2024-02-27T07:12:37.087Z | api.ts:89:1 | put | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory/contents/hello-compliance-app: 200
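The log searches in the preceding steps can also be run against a saved copy of the run-stage log, which gives an auditor a timestamped record instead of a screen capture. The following Python script is an added example, not part of the IBM Cloud documentation or tooling; it assumes the `id | LEVEL | timestamp | source | message` layout seen in the snippet, and `inventory_evidence` is a hypothetical helper name.

```python
import re
from datetime import datetime

# Log lines copied from the snippet on this page, plus one constructed
# line (a failed put, status 409) to show that non-2xx writes are not counted.
SAMPLE_LOG = """\
1455 | INFO | 2024-02-27T07:12:29.671Z | add.command.ts:179:10 | Inventory successfully updated: https://github.ibm.com/jaunin-b/hello-compliance-inventory/commit/8e7bf9ed6b15af8603109575d9089032779a8de0
1550 | DEBUG | 2024-02-27T07:12:33.108Z | api.ts:89:1 | get | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory/contents/hello-compliance-app: 200
1550 | DEBUG | 2024-02-27T07:12:37.087Z | api.ts:89:1 | put | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory/contents/hello-compliance-app: 200
1550 | DEBUG | 2024-02-27T07:12:38.000Z | api.ts:89:1 | put | https://github.ibm.com/api/v3/repos/cd-jumpstart/hello-compliance-inventory/contents/constructed-app: 409
"""

# Field layout assumed from the snippet: id | LEVEL | timestamp | source | message
LINE = re.compile(r"^\s*\d+ \| \w+ \| (\S+) \| \S+ \| (.*)$")
COMMIT = re.compile(r"^Inventory successfully updated: (\S+/commit/([0-9a-f]{40}))$")
API = re.compile(r"^(\w+) \| (\S+): (\d{3})$")


def inventory_evidence(log_text):
    """Return inventory commits and successful inventory writes found in a saved log."""
    commits, writes, skipped = [], [], 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            skipped += 1          # not a pipeline log line; ignore but count
            continue
        stamp, message = m.groups()
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%f%z")
        except ValueError:
            skipped += 1          # an unparseable timestamp is not usable as evidence
            continue
        c = COMMIT.match(message.strip())
        if c:                     # only a full 40-hex commit id is accepted
            commits.append({"time": when.isoformat(), "url": c.group(1), "sha": c.group(2)})
            continue
        a = API.match(message.strip())
        if a and a.group(1) == "put" and a.group(3).startswith("2"):
            writes.append({"time": when.isoformat(), "url": a.group(2)})
    return {"commits": commits, "writes": writes, "skipped": skipped}


if __name__ == "__main__":
    for kind, rows in inventory_evidence(SAMPLE_LOG).items():
        print(kind, rows)
```

A nonzero `skipped` count means part of the saved log did not match the assumed layout, so review those lines manually before you submit the record.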