Skip to content

Pre-Deployment Checklist

  • Version is SemVer and matches package metadata.
  • Image digest is captured.
  • SBOM is generated.
  • Image signature is available or the exception is documented.
  • Secret scan passed.
  • SAST and SCA findings are reviewed.
  • IaC and Kubernetes manifests are validated.
  • Admission policies are expected to pass.
  • Deployment diff is reviewed.
  • Rollback digest is known.
  • Health check endpoint is documented.
  • Alert coverage exists for the changed component.