Delivery processes

A comprehensive catalog of tools and technologies used in the delivery pipeline, organized by process area with status tracking and implementation details.

The Delivery Processes Catalog provides a comprehensive list of tools and technologies used in the delivery pipeline.

New technologies can be introduced by preparing a “spike” that identifies the need, establishes clear acceptance criteria, and builds a provable case that adding the new technology provides a significant benefit exceeding the cost of doing so.

For this activity, refer to chapter 2.8 Delivery processes & tools as a guide. As technologies are adopted, keep your service catalog up to date. Use the tags Proposed, Under review and Approved to reflect the current status of each catalog entry.

Delivery processes map

The following drawing provides a high-level map and identifies different processes you’ll want to think about.

Delivery processes map: nine process phases (Manage, Plan, Create, Verify, Package, Secure, Release, Configure, Monitor, Protect) with the key activities and tools under each.

Service catalog

The following table identifies products and technologies used in the delivery pipeline and, where appropriate, indicates a priority for implementation.

New entries should be added with a Proposed tag and must be reviewed and approved by the Architecture Review Board.

| Process | Status | Functional Area | Implementation |
|---|---|---|---|
| Manage | | | |
| Audit Events | Proposed, P2 | Observability | |
| Audit Reports | Proposed, P2 | Observability | • Business reports (offline) summarizing business intelligence |
| Compliance Management | Proposed, P2 | Compliance | • Compliance process management platform • Vanta |
| Operational Visibility | Proposed, P2 | Observability | • Supports live visibility into operational data (runtime, data flow, business intelligence) • OpenTelemetry • Grafana |
| Plan | | | |
| Issue Tracking | Under review, P1 | Incident Management | • Supports tracking of bugs and defects • JIRA |
| Design Management | Under review, P1 | Asset Management | • Centralized, version controlled repository that contains all design assets • Confluence |
| Create | | | |
| Source Code Control | Approved, P1 | Asset Management | • Manages and secures source code • GitLab |
| Code Review | Approved, P1 | Development | • Facilitates pull request / source code review • GitLab (see also: handbook) |
| Peer Review | Approved, P1 | Development | • Facilitates peer review and pull request management • GitLab |
| Common Repository | Approved, P1 | Development | • Facilitates unified access to code with role based permissions • GitLab |
| Ephemeral Environments | Approved, P1 | Infrastructure Management | |
| Verify | | | |
| Continuous Integration | Approved, P1 | Build Management | • Automated build post-merge with escalating deployment to higher environments using IaC • GitLab |
| Code Testing and Coverage | Under review, P1 | Development | • Automated testing framework and code coverage analysis (language dependent) • SonarQube |
| Package | | | |
| Package Registry | Approved, P1 | Build Management | • Publishes and shares packages as dependencies in downstream projects • GitLab |
| Container Registry | Approved, P1 | Build Management | • Stores container images for projects • GitLab |
| Dependency Management | Under review, P1 | Build Management | • Manages dependencies to external packages and containers within the project (language specific) |
| Release Evidence | Approved, P1 | Build Management | • A JSON file containing a snapshot of data (packages, containers, code versions) related to a build • GitLab |
| Secure | | | |
| SAST | Approved, P1 | Security | • Static application analysis (source detection, sink detection, cross-function analysis, cross-file analysis, etc.) • GitLab |
| Secret Detection | Approved, P1 | Security | • Scans code for hardcoded secrets • GitLab |
| Code Quality Analysis | Approved, P1 | Security | • Analyzes code with language-specific models to improve quality and avoid anti-patterns • GitLab • SonarSource |
| DAST | Under review, P2 | Security | |
| Fuzz Testing | Under review, P2 | Security | • DAST-style random input testing to harden an application • GitLab |
| Dependency Analysis | Under review, P2 | Security | • Scans dependencies for known vulnerabilities • GitLab |
| Release | | | |
| Continuous Delivery | Approved, P1 | Build Management | • Automated software release • GitLab |
| Review Apps | Approved, P1 | Build Management | • Environments that are automatically provided to showcase product changes • GitLab |
| Configure | | | |
| Secrets Management | Under review, P1 | Security | |
| Infrastructure as Code | Under review, P1 | Infrastructure Management | • Automated configuration, management, set-up and tear-down of infrastructure • Terraform |
| Monitor | | | |
| Operational Observability | Under review, P2 | Monitoring | |
| Telemetry | Under review, P2 | Monitoring | |
| Integrated Dashboard | Under review, P2 | Monitoring | • Visualization dashboard to provide real-time data on server, application, infrastructure, and business metrics • Grafana • Prometheus |
| Protect | | | |
| Container Scanning | Approved, P1 | Security | • SAST vulnerability scans on containers (including 3rd party containers) • GitLab |