CloudBees Releases Hardened CloudBees CI
June 09, 2020

CloudBees unveiled a hardened version of CloudBees CI, a continuous integration (CI) solution.

The new version meets the United States Department of Defense (DoD) specifications for security, one of the most demanding security certifications in the world.

The new release of CloudBees CI (formerly known as CloudBees Core) is available immediately and enables DoD and civilian agencies of the U.S. federal government, as well as enterprises in private industry, to drive more value through their software delivery pipelines while lowering security risk.

Federal government agencies facing time-to-mission pressures are trying to automate pipelines to accelerate the building of new applications and add urgently needed functionality to existing applications. But they’re constrained by Information Assurance guidelines requiring CI tools to pass advanced security certifications. The hardened version of CloudBees CI provides a container that has achieved a Certificate to Field (CtF) from the U.S. Air Force Platform One team. Platform One is the official DevSecOps Enterprise Services team for the DoD.

A CtF is a formal certification given by the U.S. Air Force Platform One team. Software containers that receive a CtF can be used to deploy a platform within a specific environment that has received an Authority to Operate (ATO). An ATO certification means that a platform meets security standards as set forth by DISA STIG and NIST RMF guidelines. Platform One provides platforms that are already accredited and can only use containerized software with an approved CtF.

“With the CtF, CloudBees CI can be readily used by DoD agencies, as well as civilian agencies and federal system integrators (FSIs),” said Michael Wright, Director, Federal Sector, at CloudBees. “It provides all the benefits of CI in a Jenkins environment, and it meets rigorous government standards for security and compliance.”

CloudBees CI is built on Jenkins, a popular automation server. CloudBees CI provides flexible, governed CI and can be hosted on-premise, in the public cloud or in a hybrid environment. It enables teams to centrally manage software development tools, optimize software delivery velocity, maximize developer team efficiency and enforce global compliance policies.

CloudBees CI provides a hardened Docker container image which is placed in the Department of Defense Centralized Artifact Repository (DCAR), the storage repository maintained by the DoD. Teams from any DoD or civilian agency can access and simply pull the hardened Docker container image out of DCAR. The solution has been engineered to minimize the use of any libraries or components that have known security vulnerabilities. For example, if a team uses a library to execute http communication between a CloudBees CI master and agent, the functionality within CloudBees CI ensures secure ports and protocols are used at both ends.

The new hardened version of CloudBees CI can not only help agencies transform to secure DevSecOps processes – but also enterprises operating in highly regulated industries or those simply wanting heightened security capabilities.

Share this

Industry News

December 03, 2020

Copado announced its Winter 21 release, providing end-to-end DevOps value stream management platform for Salesforce.

December 03, 2020

MayaData and Platform9 announced a collaboration for the deployment and operation of performance-sensitive stateful workloads on Kubernetes.

December 03, 2020

Harness announced first-class integration with Amazon Elastic Container Service (ECS) Container Orchestration, enabling mission-critical applications to run in Docker containers with less scripting and redundancy, and out-of-the-box deployment strategies.

December 02, 2020

Amazon Web Services (AWS), an Amazon.com company, announced Amazon DevOps Guru, a fully-managed operations service that uses machine learning to make it easier for developers to improve application availability by automatically detecting operational issues and recommending specific actions for remediation.

December 02, 2020

Salesforce and Slack Technologies have entered into a definitive agreement under which Salesforce will acquire Slack.

December 02, 2020

Kasten by Veeam announced Kasten K10 v3.0.

December 02, 2020

Mattermost announced the launch of Mattermost Cloud, a new SaaS platform that is designed to optimize collaboration for DevOps teams and privacy-conscious enterprises.

December 01, 2020

CloudBees announced a virtual launch event on December 10 to formally release the first two modules of its Software Delivery Management solution: CloudBees Engineering Efficiency and CloudBees Feature Management.

December 01, 2020

GitOps creator Weaveworks announced the availability of release 2.4 of Weave Kubernetes Platform (WKP).

December 01, 2020

Adaptavist has joined the Sonatype partner program as a Platinum Enterprise Partner.

November 30, 2020

Shipa is open sourcing Ketch, Shipa's deployment engine, under Apache License Version 2.0.

November 30, 2020

Portworx by Pure Storage announced its qualification and support of Portworx Enterprise for Google Cloud's Anthos on bare metal.

November 30, 2020

SnapLogic now supports SaaS contracts in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).

November 24, 2020

Red Hat announced new capabilities and features for Red Hat OpenShift, the company's enterprise Kubernetes platform.

November 24, 2020

Sectigo released Chef, Jenkins, JetStack Cert-Manager, Puppet, and SaltStack integrations for its certificate management platform.