Deployment Approvals
Introduction
In regulated or high-security development environments, segregation of duties is essential. This means that developers cannot deploy their own changes without approval from someone who understands those changes and accepts the associated risks.
Deployment approval controls are essential in the secure software development lifecycle. They manage the risks associated with changes and ensure that changes are made through informed decisions. In highly sensitive software systems, multiple approvers may be required.
Implementing this control
We use Bitbucket to trigger and record deployment approvals. Our CI/CD pipelines generate attestations to ensure that each deployment is properly reviewed and approved.