When the auditor asks

The auditor's email lands at 4pm Friday: "Please provide evidence of what software was running in your payment service on March 15th." You check your monitoring—logs go back 30 days. It's December. The compliance deadline is Monday.

The Problem

Without continuous capture:

  • Point-in-time evidence doesn't exist after the moment passes
  • Image scans show what was deployed, not what was running
  • No proof that runtime state matched declared state
  • Manual evidence collection is error-prone and incomplete
  • Audit findings: "Insufficient evidence for control verification"

How reel Helps

Scheduled captures create audit trail

Define capture schedules in Kubernetes annotations. Evidence is collected automatically, continuously, version-controlled with your code.

deployment.yaml
metadata:
  annotations:
    reel.io/schedule: |
      # Daily checkpoint for compliance
      0 0 * * * | export checkpoint --s3-bucket compliance-evidence
      # SBOM after every checkpoint
      next      | export sbom --format cyclonedx
      # Cryptographic inventory weekly
      0 0 * * 0 | export cbom

terminal
$ reel list checkpoints --namespace prod --since 2024-03-01

CHECKPOINT                           TIMESTAMP              S3 LOCATION
chk-payment-20240315-000000          2024-03-15 00:00:00   s3://compliance/chk-payment-20240315-000000.tar
chk-payment-20240316-000000          2024-03-16 00:00:00   s3://compliance/chk-payment-20240316-000000.tar
...

Immutable export to S3

Checkpoints export to S3 with Object Lock. Timestamps are verifiable. Evidence cannot be modified after the fact.
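An independent check on that immutability claim, as an added example (not reel's code or output): it walks a date range and flags any day whose checkpoint is missing, not locked in COMPLIANCE mode, or released from retention too early. Assumptions: the metadata dicts are constructed samples shaped like an S3 HeadObject response, the key pattern is copied from the listing above, and the `retain_until` date is a hypothetical policy value.

```python
from datetime import date, datetime, timedelta, timezone

UTC = timezone.utc

def evidence_gaps(objects, start, end, retain_until, prefix="chk-payment-"):
    """Return {day: reason} for each day in [start, end] without locked evidence.

    objects maps S3 key -> metadata dict shaped like an S3 HeadObject response.
    """
    findings = {}
    day = start
    while day <= end:
        # Key pattern copied from the checkpoint listing on this page.
        meta = objects.get(f"{prefix}{day:%Y%m%d}-000000.tar")
        if meta is None:
            findings[day] = "missing checkpoint"
        else:
            mode = meta.get("ObjectLockMode")
            until = meta.get("ObjectLockRetainUntilDate")
            if mode != "COMPLIANCE":
                # GOVERNANCE retention can be bypassed by principals holding
                # s3:BypassGovernanceRetention; no lock at all is weaker still.
                findings[day] = f"lock mode is {mode}, not COMPLIANCE"
            elif until is None or until < retain_until:
                findings[day] = "retention expires before the audit window closes"
        day += timedelta(days=1)
    return findings

def _locked(mode, until):
    return {"ObjectLockMode": mode, "ObjectLockRetainUntilDate": until}

# Constructed sample metadata (not real bucket contents).
SAMPLE = {
    "chk-payment-20240314-000000.tar": _locked("COMPLIANCE", datetime(2031, 3, 14, tzinfo=UTC)),
    "chk-payment-20240315-000000.tar": _locked("GOVERNANCE", datetime(2031, 3, 15, tzinfo=UTC)),
    "chk-payment-20240316-000000.tar": _locked("COMPLIANCE", datetime(2024, 6, 16, tzinfo=UTC)),
    # 2024-03-17 is absent on purpose: a skipped capture.
    "chk-payment-20240318-000000.tar": {},  # uploaded without any lock
}

if __name__ == "__main__":
    gaps = evidence_gaps(SAMPLE, date(2024, 3, 14), date(2024, 3, 18),
                         retain_until=datetime(2025, 1, 1, tzinfo=UTC))
    for day, reason in sorted(gaps.items()):
        print(day, reason)
```

Against a real bucket, the same dicts would come from one HeadObject call per key; running the check on a schedule surfaces a gap while the capture can still be repeated.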

Compliance artifacts on demand

SBOM, CBOM, and checkpoint data are available for any captured point in time.

terminal
$ reel export sbom --checkpoint chk-payment-20240315-000000

SBOM exported: sbom-payment-20240315-000000.json
Format: CycloneDX 1.5
Packages: 247
Vulnerabilities: 0 CRITICAL, 2 HIGH, 5 MEDIUM

The Outcome

When the auditor asks "what was running on March 15th," you have:

  • Complete software inventory (SBOM)
  • Cryptographic asset inventory (CBOM)
  • Memory and process state (checkpoint)
  • Filesystem state (layer)
  • All with verifiable timestamps and immutable storage

Audit finding: "Control verified with comprehensive evidence."

Start collecting evidence today

Coming soon. Deploys in minutes. Join the waitlist for early access.