A Delivery Evidence report is a single audit document for one deploy. It fuses the Functional Regression and Security Regression results for that exact deploy into one white page, with a header that fixes what was tested and a conclusion that cites the runs it draws from.
You reach it from the Evidence link on a completed suite-run row under Assure > Assurance — see Run an assurance suite for how to get there. The link appears only once a run has finished and is pinned to a deploy.
This page is a field-by-field reference. For the broader project audit summary across a time range, see the Delivery & Governance Report.
At the top of the page
Above the document are two controls and a hint:
- Back to Assurance returns you to the suites hub.
- The (i) hint reads: “One audit-evidence package for a single deploy: the functional and security regression results for that commit fused together, with a content hash and a conclusion that cites the runs it draws from. Export it as a PDF.”
- Export PDF downloads the document. It stays disabled until the report finishes loading.
If the report can’t load, you’ll see Failed to load evidence report with a Retry option.
The header
The document opens with a heading reading {project name} — Delivery Evidence (for example, “Acme Web — Delivery Evidence”), followed by these fields:
| Field | What it records |
|---|---|
| Deploy | The deploy this report is pinned to, shown with its reference name when one exists. |
| Generated | The timestamp the report was produced. |
| Targets | The deploy targets the suites ran against, joined with ; — or — when none are recorded. |
| Source runs | The Regression and Security Regression runs the report draws from, each shown after the targets line when present (regression run …, security run …). |
| Content hash (sha256) | A fingerprint of the report’s contents, so the document can be checked for tampering. |
The header is the audit anchor: it ties every result below to one specific deploy.
Functional Regression
The Functional Regression section lists the scenario results for this deploy.
- A two-column table headed Scenario and Status. Each row shows the scenario title (plus its description when set) and the outcome.
- If a comparison exists, a Delta vs previous run: line summarizes the change, joining any of
{n} newly-broken,{n} fixed,{n} still-broken, and{n} flaky— or the literal no change when nothing moved. - If any surfaces were measured as untested, a Coverage gaps: line lists them.
If no functional run was recorded for the deploy, the section reads instead: No completed functional regression run recorded for this deploy.
Security Regression
The Security Regression section summarizes the security results for this deploy.
- A summary sentence: {N} control(s) held (positive evidence); {M} open finding(s). The held controls are the protections confirmed in place; the open findings are the weaknesses still outstanding.
- When findings exist, a table headed Finding, Status, and Root cause / remediation. Each row shows the finding title (plus its surface when set), its status, and the root cause — with any suggested fix appended as
(fix: …). - If any previously fixed finding has come back, a Security regression (fixed → reopened): line lists the reopened items.
If no security run was recorded for the deploy, the section reads instead: No completed security regression run recorded for this deploy.
Conclusion
The Conclusion section is a short quoted block summarizing the evidence above. Its wording is drawn from the specific runs, so it reflects what this deploy’s results actually showed.
The footer
Every report closes with the same line:
Audit-evidence input — supports, but does not replace, independent sign-off.
The report is evidence you can hand to a reviewer or auditor — not a substitute for their sign-off.
Exporting
Select Export PDF to download the document. The file is named evidence- followed by the start of the deploy’s commit identifier (for example, evidence-3f8a91c2d0). The PDF carries the same header, both regression sections, the conclusion, and the footer — a self-contained record of one deploy’s evidence.