Audit and compliance reports

2 minute readAudit and compliance

CloudBees CD/RO built-in audit reports aggregate data generated and collected from CloudBees CI and CloudBees CD/RO processes. This data is compiled into reports that can be used to address auditing requirements.

Access CloudBees CD/RO audit reports one of the following ways:

  • Navigate to Release Orchestration  Pipeline Runs. Then select Audit Reports from the pipeline three-dots menu.

  • From the Release editor or Pipeline editor select the Pipeline runs tab. Then select Audit Reports from the pipeline three-dots menu.

CloudBees TV

Audit every action and leverage built-in role-based access controls to enforce governance, security, and compliance.

Built-in Audit Reports in CloudBees CD/RO

The following audit reports are available:

Select Export report to download a PDF of the full audit report.

Approvals

The Approvals audit report provides a single tabular view of pipeline approval data. This report includes the following information:

  • Stage in which the approval occurred.

  • Pipeline task type and name.

  • Approver comments and name.

  • Task status and run date.

Approvals
Figure 1. Approvals

Time duration

The Time duration audit report provides the time (duration) to complete all stage and gate tasks. This report includes the following information:

  • Pipeline stage name.

  • Pipeline task type and name.

  • Name of user who launched the pipeline.

  • The amount of time the task took to complete.

  • Status of the task.

Time duration
Figure 2. Time duration

Evidence

The Evidence audit report collates all the pipeline evidence information into a single downloadable report. Select the Download Report link to review the pipeline evidence data.

Evidence
Figure 3. Evidence

Deployments

The Deployments audit report for microservice application requires the EC-Helm plugin version 1.4.0 or later. For traditional applications, this is not a prerequisite.

The deployments report provides details for each application deployed during the pipeline run. The following data displays for each deployed application:

  • Name of the pipeline stage.

  • Task name and type.

  • Application component or microservice with Argo Rollouts.

    For more information on advanced deployments with Argo Rollouts, refer to Argo Rollout deployment and delivery.
  • Task status.

  • Application artifact name and version.

Deployments
Figure 4. Deployment with component
Deployments
Figure 5. Deployment with Argo Rollouts
Audit-Ready Pipelines Are Table Stakes for DevSecOps

Watch the DevOps World 2020 session on Audit-Ready Pipelines for CloudBees CD/RO.

Build data is available for pipelines that execute a CloudBees CI job as a pipeline task. For more information, refer to Native CI integration.

The related build report provides details related to CloudBees CI jobs executed as part of the pipeline run. The report contains the following CloudBees CI job data:

  • Build name and status.

  • Branch name.

  • Triggering entity.

  • Job duration.

  • Name of the user who executed the pipeline.

  • Related actions.

Related builds
Figure 6. Related builds