Audit Ready Pipelines - Menace or Magic?

Auditors want proof that the right people did what they were supposed to do, when they were supposed to do it, and they want that information on demand. Developers tend to run for cover whenever release managers show up with an audit request in their hands. Audit-ready pipelines aim to address both of these problems.

The idea behind audit-ready pipelines stems from trying to merge software delivery automation, CI, and CD together into something where you can get increased visibility and understanding of your entire process, and what it means to different stakeholders.

Sometimes an out-of-the-box solution is not going to cut it for a certain customer. If that means generating more reports to trace back and connect all of the dots at a granular level, so be it. Enter the rapidly growing concept of audit-ready pipelines.

One of the most difficult tasks associated with audit-ready pipelines is meeting specific requirements: making sure all of the data that you might need for different types of compliance requirements and governance mandates is available in one location. This requires several core building blocks in order to become a reality: multiple connected tools, immutable objects managed by automated approval gates, governance by centralized RBAC and end-to-end visibility, and a centralized data source (from code commit to production deployment).

Managing this complexity tends to scare people off from giving audit-ready pipelines a chance, but I’m here to show you that they aren’t as scary as you might think. In this session, attendees will see examples of what an audit-ready release pipeline looks like, and how they can placate auditors quickly without bringing fear to their development teams.


Avantika Mathur

Avan (Avantika) Mathur is the senior product manager for CloudBees Flow and passionate about DevOps. Her background includes helping large enterprises across financial services, retail and embedded ...