Pipeline Step Ownership
Each pipeline step has an owner
Lint, security scan, integration tests, deploy: each owned by a specific team. The owner gets paged when the step breaks.
Without ownership, steps go stale. The team that built the security scan moves on; the scan rots.
Ownership is metadata in the pipeline config. CI emits the owner on failure.
Common ownership splits
Application code tests: service team.
Security scans (SAST, secret scan, container scan): security team.
Build/deploy infrastructure: platform/SRE team.
Dependency updates and vulnerability patches: shared between the security and service teams.
Escalation when steps break
Step fails on main branch: page the step owner immediately.
Step is broken for over 4 hours: escalate to the owner's manager.
Owner not responding: platform team takes temporary ownership and disables the step. Re-enable when fixed.
Audit ownership
Quarterly: list every pipeline step with its owner. Verify the owner is a current team.
Disowned steps get reassigned or removed. No step has "someone" as the owner.
Track: average time-to-fix per step. Steps that are slow to get fixed signal weak ownership.
How to install ownership
Add owner labels to every CI job. GitHub Actions: `name: 'Lint (owned by: platform)'`. Or a YAML field surfaced in the failure notification.
Document escalation paths in the on-call runbook.
Make ownership review part of the quarterly platform health check.
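An added example (not part of the original page or any project's code) of the quarterly audit, using the `(owned by: ...)` job-name convention shown above: it flags jobs whose owner label is missing, is a placeholder, or names a team not on the current roster. The workflow excerpt, team roster, placeholder list and the function name `audit_owners` are constructed assumptions, and the line-based parsing assumes two-space YAML indentation.

```python
import re

# Constructed, trimmed workflow excerpt (not from a real repository).
SAMPLE_WORKFLOW = """\
name: CI
jobs:
  lint:
    name: 'Lint (owned by: platform)'
    steps:
      - name: Run linter
  sast:
    name: 'SAST scan (owned by: appsec-2021)'
  secret-scan:
    name: 'Secret scan (owned by: someone)'
  deploy:
    name: Deploy
"""
# Assumed roster of current teams; in practice export it from the org directory.
CURRENT_TEAMS = {"platform", "security", "payments"}
PLACEHOLDERS = {"someone", "tbd", "unknown", "none"}
JOB_ID = re.compile(r"^  ([A-Za-z_][\w-]*):\s*$")    # job key: 2-space indent
JOB_NAME = re.compile(r"^    name:")                  # job name: 4-space indent
OWNER = re.compile(r"\(owned by:\s*([^)]+?)\s*\)")

def audit_owners(workflow_text, current_teams):
    """Return {job_id: finding} for jobs with a missing, placeholder or stale owner."""
    owners, in_jobs, job = {}, False, None
    for line in workflow_text.splitlines():
        if re.match(r"\w", line):                     # a top-level key
            in_jobs = line.startswith("jobs:")
        elif in_jobs and (m := JOB_ID.match(line)):
            job = m.group(1)
            owners[job] = None                        # unowned until a label is seen
        elif in_jobs and job and JOB_NAME.match(line):
            found = OWNER.search(line)                # step names (deeper indent) never reach here
            owners[job] = found.group(1).lower() if found else None
    findings = {}
    for job_id, owner in owners.items():
        if owner is None:
            findings[job_id] = "no owner label"
        elif owner in PLACEHOLDERS:
            findings[job_id] = f"placeholder owner '{owner}'"
        elif owner not in current_teams:
            findings[job_id] = f"owner '{owner}' is not a current team"
    return findings

if __name__ == "__main__":
    for job_id, finding in audit_owners(SAMPLE_WORKFLOW, CURRENT_TEAMS).items():
        print(f"{job_id}: {finding}")
```

Run it over every workflow file during the quarterly review; an empty result means every job names a current team.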