Pegasystems announced the general availability of Pega Infinity ’24.1™.
CircleCI released several new security and compliance capabilities to aid developers to trust and maintain the stability of their software.
“As the complexities of software development increases, there is a pertinent need for developer teams to more seamlessly integrate the latest and most advanced security features available,” said Jim Rose, CEO of CircleCI. “We are continuously evolving our security standards and introducing features that improve the security of our customers’ build pipelines and their ability to smartly manage risk.”
CircleCI’s platform additions include:
■ Flexible compliance with Config Policies
To provide customers an additional layer of control and compliance, CircleCI utilized Open Policy Agent, an industry standard policy engine, to create Config Policies, which offers the most flexible approach to organizational governance on the market today. Through self-serve configuration as code, they simultaneously allow for flexibility and individual team empowerment while also enabling greater organizational alignment.
CircleCI’s policy enforcement allows organizations to quickly apply common rules like orb allowances, or write deeply customized rules enforcing access to credentials, resources, and functions. Customers have the ability to enforce a multitude of company policy use cases spanning from cost-control to compliance. Such use cases include:
- Force security related jobs to run in pipelines
- Control how contexts are or are not being used
- Control use of docker containers and executors
- Allow and disallow specific orbs or versions
■ Server 4.1 with AirGap support
This release includes AirGap support. With this latest release, CircleCI’s server can now be installed on an isolated network and provide core functionality without access to an internet connection.
CircleCI server 4.1 is designed to meet the strictest security, compliance, and regulatory requirements. This self-hosted solution offers the ability to scale under load and run multiple services at once, all within a team's Kubernetes cluster and network with the full CircleCI cloud experience.
■ More granular secret enhancements
Integrations with OpenID Connect ID (OIDC) remove the need for customers to store long lived secrets (passwords, api keys, etc) in the CircleCI system. It provides a short lived token which can be used to access a system that supports OIDC and allows you to assign CircleCI as a trusted actor. OIDC support was recently enhanced to include granular control of CircleCI’s access in customer’s 3rd party tools like AWS.
Other secret enhancements include:
- Project restricted contexts that allow an organization to limit contexts to a specific set of projects.
- An updated Context UI that includes a “created at” and “updated” at timestamp. This allows customers to quickly assert the status of long lived secrets.
- A script for secret finding in order to create an actionable list for secrets rotation.
Industry News
Mend.io and Sysdig unveiled a joint solution to help developers, DevOps, and security teams accelerate secure software delivery from development to deployment.
GitLab announced new innovations in GitLab 17 to streamline how organizations build, test, secure, and deploy software.
Kobiton announced the beta release of mobile test management, a new feature within its test automation platform.
Gearset announced its new CI/CD solution, Long Term Projects in Pipelines.
Rafay Systems has extended the capabilities of its enterprise PaaS for modern infrastructure to support graphics processing unit- (GPU-) based workloads.
NodeScript, a free, low-code developer environment for workflow automation and API integration, is released by UBIO.
IBM announced IBM Test Accelerator for Z, a solution designed to revolutionize testing on IBM Z, a tool that expedites the shift-left approach, fostering smooth collaboration between z/OS developers and testers.
StreamNative launched Ursa, a Kafka-compatible data streaming engine built on top of lakehouse storage.
GitKraken acquired code health innovator, CodeSee.
ServiceNow introduced a new no‑code development studio and new automation capabilities to accelerate and scale digital transformation across the enterprise.
Security Innovation has added new skills assessments to its Base Camp training platform for software security training.
CAST introduced CAST Highlight Extensions Marketplace — an integrated marketplace for the software intelligence product where users can effortlessly browse and download a diverse range of extensions and plugins.
Red Hat and Elastic announced an expanded collaboration to deliver next-generation search experiences supporting retrieval augmented generation (RAG) patterns using Elasticsearch as a preferred vector database solution integrated on Red Hat OpenShift AI.
Traceable AI announced an Early Access Program for its new Generative AI API Security capabilities.