CloudBees has expanded its CI/CD platform to include a wider range of security features that the company says offer DevSecOps teams more visibility and control throughout the software production and deployment lifecycle. The announcement also reflects one of CloudBees’ themes, echoed during this week’s DevOps World 2020, about why many organizations need to better integrate all stakeholders that constitute DevOps — including security teams — and why the right tools are required to support that.

As one of the “core tenets of security,” the idea is “to be secure in every single part of the toolchain: secure in development, secure in delivery and secure in production,” CloudBees’ Buffi Gresh, vice president, product business teams, said during her DevOps World keynote this week.

Gresh described how the right tools could — and should — offer canary testing or feature flags for DevSecOps. “Think about a world where every single feature release is behind a flag: The ability to pull back anything and everything in a millisecond,” Gresh said. “This is an important addition to your production security story, and one that I would argue is the most powerful: instantly mitigate effective code in production, without having to redeploy the power of a feature kill switch.”

CloudBees communicated the following new SecOps-related features for its CI/CD platform:

  • “Audit-ready” pipelines: to help ensure only immutable and approved components and environments are adopted during the application development and deployment lifecycle, with traceability and audit reports.
  • Feature flagging integration: an automated capability that allows specific application components or features to be rolled back if security issues occur, at any time during the development process and after the application is deployed, with traceability capabilities.
  • Hardening CloudBees CI: for strict government specifications, such as DoD standards.
  • Role-based access controls: Teams or designated users have security permissions that extend to the file level to help ensure only authorized users access project components on an as-needed basis.
  • Integrations: Integration options with security automation applications from Anchore, Alcide.io, FOSSA, CyberArk, Checkmarx, Contrast Security, Shiftleft.io, Snyk, RunSafe Security, Sonatype, WhiteSource Software, Synopsys and Zimperium.


CloudBees CI/CD Widens Access and Control for SecOps