DEVOPSdigest

CloudBees announced a robust new set of DevSecOps capabilities for CloudBees CI and CloudBees CD.

The new capabilities enable customers to perform early and frequent security checks and ensure that security is an integral part of the whole software delivery pipeline workflow, without sacrificing speed or increasing risk.

New functionality includes integration of feature flag capabilities within the continuous integration (CI) and continuous delivery (CD) environments, enhanced Role-Based Access Control and more robust disaster recovery capabilities.

With CloudBees CI and CloudBees CD solutions, users get access to several layers of security within the software delivery process. Rather than having to manually incorporate security steps on an ad hoc basis as a last step in the release process, security is infused within the software process from code to production. The new security features automate processes with proven integrations, hardened audit-ready pipelines and the ability to instantly mitigate defective code.

“Companies need to innovate faster, but if they don’t integrate security early and often they expose themselves to a number of risks,” said Shawn Ahmed, SVP and GM, Software Delivery Automation, CloudBees. “With CloudBees they can remove those risks. Tapping the power of our market-leading CI and CD solutions, they can keep moving at high speed with full confidence that their code is secure in development, secure in delivery and secure in production.”

CloudBees builds security functionality into its products in the following ways:

- Feature flag integration – New features can be quickly pushed to production following an automated process. If issues crop up in production, that specific feature can be immediately pulled back and full traceability of what happened automatically provided.

- Enhanced granularity in Role-Based Access Control – Fine-grained permissions are able to be set by team, user and even at the file level to ensure only authorized users access project assets, as needed, to perform their job. New capabilities released in CloudBees CI allow team leaders to manage non-security related configuration settings on their controllers - without granting them the powerful overall/administrator permission.

- Enhanced backup, restore and recovery – CloudBees is extending Velero to CloudBees CI for backup, restore and recovery use cases. Velero is not only a superior solution for disaster recovery use cases, but is also purpose-built for Kubernetes. Kubernetes support brings valuable capabilities for cluster migration and portability to CloudBees CI. This technology is already being used in CloudBees CD.

- Audit-ready pipelines – Hardened audit-ready pipelines ensure only immutable, approved components and environments are used, preventing drift and tampering. This provides full traceability and audit reports in an instant.

- Hardened CloudBees CI – CloudBees developed a hardened version of its industry-leading continuous integration solution that meets strict government specifications for security, certified to DoD standards.

- Proven integrations – Proven integrations to many leading security automation applications, such as Anchore, Alcide.io, CyberArk, Checkmarx, Contrast Security, FOSSA, RunSafe Security, Shiftleft.io, Snyk, Sonatype, Synopsys, WhiteSource Software and Zimperium provide increased protection against outside risks.