Encode your release rules once. Every release is checked, with evidence.
Release criteria that live in wiki pages and tribal knowledge do not get enforced. ReARM turns them into policies that run against every release, automatically.
Draft, assembled, approved or rejected
Approval policies and a release lifecycle enforced automatically on every release. No release reaches approved without passing the rules your organization set.
Reject release if critical or high vulnerabilities > 0
That is an actual policy rule, and this is an actual release it rejected. Not a mockup: the screenshot shows the rule and the REJECTED release side by side.
What a blocked release looks like
A failed check on the pipeline, an annotation on the pull request, a release that cannot proceed. Rejection is visible where engineers work, not buried in a dashboard.
Who approved, when, against what
Every approval records who or what approved, when, and against which evidence snapshot. Years later, the answer is still there.