Connectors
Connect one scoped source first. Expand only when evidence quality is clear.
Connectors should be selective: namespace, app, query, project, release, or service scope. Do not grant broad cluster or organization access just to make the product look automatic.
Connector matrix
The matrix separates implemented evidence paths from detected candidates and planned integrations. A listed provider is not a claim of credentialed live sync until the status says native pull and the customer supplies the required scoped credential or service account.
Native pull
Release Passport has a native adapter path, but live provider access still needs scoped endpoint and credential configuration when the provider requires auth.
Evidence ingest
The provider can attach normalized evidence through CLI/API/upload without Release Passport polling the provider by default.
Detected candidate
The installer or detector can recognize this provider and guide setup, but it is not claimed as full live sync by default.
Manual connector
Customer-defined endpoint or manual evidence path with sanitized health checks and explicit operator scope.
Planned
Roadmap item; do not treat this as available live connector behavior.
Requires credential
Live sync requires customer-provided provider token, secret reference, or service account before it can be validated.
ConnectorGitHub Actions
CategoryCI/CD
StatusEvidence ingest
CredentialOptional for API pull
EvidenceRun ID, source SHA, artifact digest, job status.
ConnectorGitLab CI
CategoryCI/CD
StatusNative pull
CredentialRequired for live project read
EvidencePipeline status, jobs, source, deploy metadata.
ConnectorJenkins
CategoryCI/CD
StatusNative pull
CredentialRequired for live job read
EvidenceBuild result, artifact, environment, deploy job.
ConnectorKubernetes
CategoryRuntime
StatusNative pull
CredentialScoped service account
EvidenceDeployment readiness, replicas, restarts, namespace scope.
ConnectorArgo CD
CategoryGitOps
StatusNative pull
CredentialRequired for live app read
EvidenceSync status, health, revision, rollback target.
ConnectorFlux
CategoryGitOps
StatusDetected candidate
CredentialRequired when promoted to live read
EvidenceDetected GitOps scope and manual evidence path.
ConnectorPrometheus
CategoryMetrics
StatusNative pull
CredentialOptional depending on endpoint auth
EvidenceAllowlisted error rate, latency, saturation, freshness.
ConnectorSentry
CategoryErrors
StatusRequires credential
CredentialRequired for live project read
EvidenceIssue count, release regression, crash/error spike.
ConnectorPagerDuty
CategoryIncidents
StatusRequires credential
CredentialRequired for live service read
EvidenceActive incident state and release risk context.
ConnectorJira
CategoryWork item
StatusRequires credential
CredentialRequired for live issue read
EvidenceChange approval, linked ticket, approver state.
ConnectorSlack/email
CategoryCommunication
StatusEvidence ingest
CredentialWebhook/email provider required for send
EvidenceNotification delivery and approval workflow evidence.
ConnectorSonarQube
CategoryQuality
StatusRequires credential
CredentialRequired for live project read
EvidenceQuality gate and scan result evidence.
ConnectorDatadog
CategoryObservability
StatusRequires credential
CredentialRequired for live metrics/log read
EvidenceMetrics, monitors, logs, and service health.
ConnectorNew Relic
CategoryObservability
StatusRequires credential
CredentialRequired for live account read
EvidenceAPM health and regression signals.
ConnectorLaunchDarkly
CategoryRollout
StatusRequires credential
CredentialRequired for live project read
EvidenceFlag rollout status and guarded rollout context.
ConnectorArgo Rollouts
CategoryRollout
StatusDetected candidate
CredentialScoped cluster access when enabled
EvidenceCanary/analysis status via runtime scope.
ConnectorFlagger
CategoryRollout
StatusDetected candidate
CredentialScoped cluster access when enabled
EvidenceCanary analysis and rollout condition.
ConnectorTrivy
CategorySecurity
StatusEvidence ingest
CredentialNo live credential for uploaded reports
EvidenceVulnerability scan artifact and summary.
ConnectorSnyk
CategorySecurity
StatusRequires credential
CredentialRequired for live org/project read
EvidenceSecurity issue and policy result.
ConnectorServiceNow
CategoryChange
StatusRequires credential
CredentialRequired for live change read
EvidenceChange ticket state and approval context.
ConnectorLinear
CategoryWork item
StatusRequires credential
CredentialRequired for live issue read
EvidenceIssue state and release approval context.
ConnectorCustom webhook/manual evidence
CategoryCustom
StatusManual connector
CredentialCustomer-defined secret ref if needed
EvidenceCustomer-defined health or evidence payload.
ConnectorMobile/WebView regression
CategoryDifferentiator
StatusPlanned
CredentialTBD
EvidenceScreenshot, console, and network regression evidence.
| Connector | Category | Status | Credential | Evidence |
|---|---|---|---|---|
| GitHub Actions | CI/CD | Evidence ingest | Optional for API pull | Run ID, source SHA, artifact digest, job status. |
| GitLab CI | CI/CD | Native pull | Required for live project read | Pipeline status, jobs, source, deploy metadata. |
| Jenkins | CI/CD | Native pull | Required for live job read | Build result, artifact, environment, deploy job. |
| Kubernetes | Runtime | Native pull | Scoped service account | Deployment readiness, replicas, restarts, namespace scope. |
| Argo CD | GitOps | Native pull | Required for live app read | Sync status, health, revision, rollback target. |
| Flux | GitOps | Detected candidate | Required when promoted to live read | Detected GitOps scope and manual evidence path. |
| Prometheus | Metrics | Native pull | Optional depending on endpoint auth | Allowlisted error rate, latency, saturation, freshness. |
| Sentry | Errors | Requires credential | Required for live project read | Issue count, release regression, crash/error spike. |
| PagerDuty | Incidents | Requires credential | Required for live service read | Active incident state and release risk context. |
| Jira | Work item | Requires credential | Required for live issue read | Change approval, linked ticket, approver state. |
| Slack/email | Communication | Evidence ingest | Webhook/email provider required for send | Notification delivery and approval workflow evidence. |
| SonarQube | Quality | Requires credential | Required for live project read | Quality gate and scan result evidence. |
| Datadog | Observability | Requires credential | Required for live metrics/log read | Metrics, monitors, logs, and service health. |
| New Relic | Observability | Requires credential | Required for live account read | APM health and regression signals. |
| LaunchDarkly | Rollout | Requires credential | Required for live project read | Flag rollout status and guarded rollout context. |
| Argo Rollouts | Rollout | Detected candidate | Scoped cluster access when enabled | Canary/analysis status via runtime scope. |
| Flagger | Rollout | Detected candidate | Scoped cluster access when enabled | Canary analysis and rollout condition. |
| Trivy | Security | Evidence ingest | No live credential for uploaded reports | Vulnerability scan artifact and summary. |
| Snyk | Security | Requires credential | Required for live org/project read | Security issue and policy result. |
| ServiceNow | Change | Requires credential | Required for live change read | Change ticket state and approval context. |
| Linear | Work item | Requires credential | Required for live issue read | Issue state and release approval context. |
| Custom webhook/manual evidence | Custom | Manual connector | Customer-defined secret ref if needed | Customer-defined health or evidence payload. |
| Mobile/WebView regression | Differentiator | Planned | TBD | Screenshot, console, and network regression evidence. |
Orchestration
Read runtime readiness from Kubernetes, Docker Compose, Nomad, ECS, or manual runtime targets.
Metrics
Read allowlisted signals such as p95, error rate, saturation budget, and request volume from Prometheus, OTLP, Datadog, or equivalent tools.
Logs
Read redacted log evidence from Loki, OpenSearch, Elasticsearch, CloudWatch, or customer log stores.
CI/CD and GitOps
Read pipeline run, artifact, source SHA, approval, deploy job, sync, revision, and rollback metadata.
Incidents and errors
Read scoped release/project error and incident signals from Sentry, PagerDuty, Opsgenie, or equivalent tools.
Manual evidence
Advanced debug fallback, not the main operating model.
Connector scope model
ConnectorOrchestration
Minimum useful scopeNamespace, Compose project, Nomad job, ECS service, or manually declared runtime target.
Evidence examplesAvailable replicas, rollout condition, container health, recent restarts, declared target state.
AvoidCluster-admin or host-wide access when a service scope is enough.
ConnectorMetrics
Minimum useful scopeBase URL plus allowlisted queries and service labels.
Evidence examplesp95 latency, error rate, saturation, request volume, freshness.
AvoidUnbounded query access or secret-bearing labels.
ConnectorLogs
Minimum useful scopeRedacted query allowlist scoped to service/release/environment.
Evidence examplesError burst, startup failure, rollback marker, incident correlation.
AvoidRaw sensitive logs or organization-wide search tokens.
ConnectorCI/CD and GitOps
Minimum useful scopePipeline/project/repository plus specific deployment app names.
Evidence examplesRun ID, job status, artifact digest, approval job, deploy stage, sync health, target revision.
AvoidPersonal access tokens with broad repository access.
ConnectorIncidents and errors
Minimum useful scopeProject/release or service incident scope.
Evidence examplesNew issue count, crash-free sessions, error spike, active incident state.
AvoidOrganization-wide incident/error data unrelated to the service.
ConnectorManual evidence
Minimum useful scopeOperator-provided debug evidence with reason and actor.
Evidence examplesEmergency approval context, temporary waiver note, external scan result.
AvoidUsing manual evidence as the normal automation path.
| Connector | Minimum useful scope | Evidence examples | Avoid |
|---|---|---|---|
| Orchestration | Namespace, Compose project, Nomad job, ECS service, or manually declared runtime target. | Available replicas, rollout condition, container health, recent restarts, declared target state. | Cluster-admin or host-wide access when a service scope is enough. |
| Metrics | Base URL plus allowlisted queries and service labels. | p95 latency, error rate, saturation, request volume, freshness. | Unbounded query access or secret-bearing labels. |
| Logs | Redacted query allowlist scoped to service/release/environment. | Error burst, startup failure, rollback marker, incident correlation. | Raw sensitive logs or organization-wide search tokens. |
| CI/CD and GitOps | Pipeline/project/repository plus specific deployment app names. | Run ID, job status, artifact digest, approval job, deploy stage, sync health, target revision. | Personal access tokens with broad repository access. |
| Incidents and errors | Project/release or service incident scope. | New issue count, crash-free sessions, error spike, active incident state. | Organization-wide incident/error data unrelated to the service. |
| Manual evidence | Operator-provided debug evidence with reason and actor. | Emergency approval context, temporary waiver note, external scan result. | Using manual evidence as the normal automation path. |
Connector evidence shape
What a connector should answer
Which workspace, service, and environment does this evidence apply to?
When was it observed and when does it become stale?
What fact was checked and what threshold was used?
Was the result passed, failed, pending, or unavailable?
What operator action should happen if this fact fails?
evidence summary
{
"connector": "prometheus",
"scope": {
"workspaceId": "workspace-acme-prod",
"service": "checkout-api",
"environment": "production"
},
"freshness": {
"observedAt": "2026-05-03T09:30:00Z",
"maxAgeSeconds": 300
},
"facts": [
{
"name": "error_rate",
"status": "passed",
"value": "0.02%",
"threshold": "< 1%"
},
{
"name": "p95_latency",
"status": "passed",
"value": "142ms",
"threshold": "< 500ms"
}
]
}