CloudBees CI and CloudBees CD Add New DevSecOps Capabilities
September 24, 2020

CloudBees announced a robust new set of DevSecOps capabilities for CloudBees CI and CloudBees CD.

The new capabilities enable customers to perform early and frequent security checks and ensure that security is an integral part of the whole software delivery pipeline workflow, without sacrificing speed or increasing risk.

New functionality includes integration of feature flag capabilities within the continuous integration (CI) and continuous delivery (CD) environments, enhanced Role-Based Access Control and more robust disaster recovery capabilities.

With CloudBees CI and CloudBees CD solutions, users get access to several layers of security within the software delivery process. Rather than having to manually incorporate security steps on an ad hoc basis as a last step in the release process, security is infused within the software process from code to production. The new security features automate processes with proven integrations, hardened audit-ready pipelines and the ability to instantly mitigate defective code.

“Companies need to innovate faster, but if they don’t integrate security early and often they expose themselves to a number of risks,” said Shawn Ahmed, SVP and GM, Software Delivery Automation, CloudBees. “With CloudBees they can remove those risks. Tapping the power of our market-leading CI and CD solutions, they can keep moving at high speed with full confidence that their code is secure in development, secure in delivery and secure in production.”

CloudBees builds security functionality into its products in the following ways:

- Feature flag integration – New features can be quickly pushed to production following an automated process. If issues crop up in production, that specific feature can be immediately pulled back and full traceability of what happened automatically provided.

- Enhanced granularity in Role-Based Access Control – Fine-grained permissions are able to be set by team, user and even at the file level to ensure only authorized users access project assets, as needed, to perform their job. New capabilities released in CloudBees CI allow team leaders to manage non-security related configuration settings on their controllers - without granting them the powerful overall/administrator permission.

- Enhanced backup, restore and recovery – CloudBees is extending Velero to CloudBees CI for backup, restore and recovery use cases. Velero is not only a superior solution for disaster recovery use cases, but is also purpose-built for Kubernetes. Kubernetes support brings valuable capabilities for cluster migration and portability to CloudBees CI. This technology is already being used in CloudBees CD.

- Audit-ready pipelines – Hardened audit-ready pipelines ensure only immutable, approved components and environments are used, preventing drift and tampering. This provides full traceability and audit reports in an instant.

- Hardened CloudBees CI – CloudBees developed a hardened version of its industry-leading continuous integration solution that meets strict government specifications for security, certified to DoD standards.

- Proven integrations – Proven integrations to many leading security automation applications, such as Anchore, Alcide.io, CyberArk, Checkmarx, Contrast Security, FOSSA, RunSafe Security, Shiftleft.io, Snyk, Sonatype, Synopsys, WhiteSource Software and Zimperium provide increased protection against outside risks.

Share this

Industry News

October 29, 2020

Cisco announced new software-delivered solutions designed to simplify IT operations across on-premise data centers and multicloud environments.

October 29, 2020

Bugsnag announced availability of user stability analytics, which will help developers gain a clearer understanding of how application errors are impacting the user experience and other key performance indicators (KPIs) for the business, as well as offer insights on whether to fix bugs or build new features.

October 29, 2020

HAProxy Technologies announced an open-source release of a VMware Open Virtual Appliance (OVA) virtual machine image of the HAProxy load balancer for vSphere, which HAProxy Technologies will maintain on GitHub.

October 28, 2020

Progress announced a number of new innovations designed to facilitate adoption and at-scale deployment of Chef offerings for both new and experienced users of the DevSecOps portfolio.

October 28, 2020

StackRox announced the release of KubeLinter, its new open source static analysis tool to identify misconfigurations in Kubernetes deployments.

October 28, 2020

Vercel announced Next.js 10 featuring a number of new capabilities that accelerate frontend developers’ ability to enrich end users’ web experiences globally.

October 27, 2020

ThinkTank has released a suite of applications designed to keep distributed agile teams aligned and engaged, regardless of physical location.

October 27, 2020

Cloudify, a Service Orchestration and Automation Platform, announced its latest 5.1 product release which aims to take one step further to permanently remove silos and roadblocks that are consistently associated with migration to the public cloud.

October 27, 2020

WhiteSource announced its new native integration for Microsoft Azure DevOps services.

October 26, 2020

NetApp unveiled a new serverless and storageless solution for containers from Spot by NetApp, a new autonomous hybrid cloud volume platform, and cloud-based virtual desktop solutions.

October 26, 2020

GeneXus released GeneXus 17, a new version of its platform that empowers enterprises to create and evolve new applications at unprecedented speed.

October 26, 2020

Alcide announced the company’s security solutions are now integrated with AWS Security Hub, sending real-time threat intelligence and compliance information to Amazon Web Services (AWS) for easy consumption by Security and DevSecOps teams.

October 22, 2020

Puppet announced Puppet Comply, a new product built to work with Puppet Enterprise aimed at assessing, remediating, and enforcing infrastructure configuration compliance policies at scale across traditional and cloud environments.

October 22, 2020

Harness announced two new modules: Continuous Integration Enterprise and Continuous Features.

October 22, 2020

Render announced automatic preview environments which are essential for rapid and collaborative development of modern applications.