What & Why
Today, when people speak about Supply Chain Security and CI/CD, there is an undeniable focus on the security of the artefacts being built, deployed and consumed. Observes helps manage the build environment. These are the high-level use cases you can expect to implement when adopting the product.
- CI/CD Platform observability and insights
- CI/CD policy is enforced where and when it matters
- Quality assurance checks are executed exactly as they should be
CI/CD Platform observability and insights
Today, when teams want to monitor their CI/CD platforms, they have to iterate through the platform's interface (clickops) OR write custom scripts and parse the data into a useful form in order to assess their usage of the CI/CD platform.
This is unacceptable because it is onerous and relationships between the different components in the CI/CD environment are easily missed or overlooked.
We envision a world where teams have an accurate and actionable picture of their CI/CD environment.
We are bringing this world about through graphs that make relationships between CI/CD pipelines, platform configuration, resources and artefacts clear.
CI/CD policy is enforced where and when it matters
Today, when administrators want to set a usage policy for CI/CD platforms, they have to balance security and usability because fast-paced DevOps environments are so dynamic and multi-purpose.
This is unacceptable because there is no straightforward way for an organisation to understand what, when and how resources are being used in their CI/CD environments, leading to coarse-grained policies that are either too strict for low-criticality operations or too lax for highly critical ones.
We envision a world where there is a clear lifecycle management process for CI/CD resources and policy is tailored and applied based on the risk the CI/CD operations pose to the organisation.
We are bringing this world about by enabling teams to define logical boundaries to group their CI/CD resources and apply tailored conditions of access, enforced in the CI/CD operations every time the resources are used.
Quality assurance checks are executed exactly as they should be
Today, when engineers want to consume security and quality assurance tooling in their CI/CD pipelines, they have to adopt standard pipeline templates OR update existing project pipeline code to include tooling-specific implementation code.
This is unacceptable because there is no way for an organisation to automatically verify when security and quality assurance tooling has been implemented exactly as it must be in a pipeline.
We envision a world where security tooling is consumed exactly as an organisation mandates AND can be automatically evidenced so that deviation from expectation is identified and can be acted upon.
We are bringing this world about by allowing teams to monitor pipelines against organisational policies and validate that the pipelines are being run in the expected way.
Need More Details?
Reach out to us via email and explore our documentation.