CloudBees Platform: November 2024 Edition

As the year winds down, 2025 wish lists are formed. When it comes to software delivery, there are several questions you’re likely mulling over.

How quickly were you able to spot, categorize, and eliminate vulnerabilities? How is this impacting your brand's reputation? How effective were you at keeping developers on task? How are you automating painful processes? What would you do if these blockers were removed?

The CloudBees platform is designed to differentiate you from a crowded market and continues to deliver features focused on driving value. Here’s a quick recap of what was introduced in November.

Context switching is a drain on developers' productivity, with studies showing it takes 23 minutes to regain focus. When managing flag changes, asking your developer to leave Git and make changes from a separate tool if often met with a deep sigh. Introducing configuration as code (CasC).

Configuration as code is now available and offers a GitOps strategy that bridges feature management entities in the UI with YAML files stored in SCM. This connection allows teams to modify and store flag configurations using their preferred interface, ensuring changes are synchronized and seamlessly delivered to end users via the flag service layer. It reduces the noise of context switching.

To get started with configuration as code for feature flags and for practical examples, visit our docs.

Provide users with the appropriate level of access through custom roles

Now, you can create custom user roles to tailor access control for your team with greater precision. This powerful new feature enhances security by allowing you to assign users the exact access they need to perform in the platform. While our standard predefined roles remain available, leveraging custom roles allows you to achieve even more control.

To get started, create your custom role under the Admin settings, and then you can assign it with access control when you invite new users to the platform. For example, you could create roles such as Pipeline Executor or Dashboard Viewer. To find out more about our custom roles, please visit our docs.

Manual approvals are now available for workflows. They allow authors to insert an approval in a workflow definition so that the workflow run will pause and only continue when a specific named user intervenes (approves or rejects). This way, a human operator can assess whether it is appropriate for a workflow to continue. Learn more in our docs.

Customize your SLA configurations to triage security vulnerabilities

A new Service Level Agreement (SLA) feature is now available on the CloudBees platform. With this feature, admins can define the configuration at the root org level and override it at the sub-org level. This will enable admins to set clear and measurable service level benchmarks for different severities.

This new feature includes viewing summary data and filtering findings based on SLA statuses to focus on those breached or within the SLA deadline.

Create SBOMs with built-in security scans with ease

Every 17 minutes, a new security vulnerability is published, accounting for 30,917 new CVEs in 2023. When exploits emerge, it becomes an all-hands-on-deck exercise to uncover where the vulnerability exists and inform remediation. This is a massive time drain without a software bill of materials (SBOM). Our latest feature allows customers to build out SBOMs by scanning binary images and containers built by the pipeline. This is done through implicit orchestration, meaning there’s nothing you need to configure. As a user, this will enable you to view SBOM for the binary artifacts and export in 2 formats (CSV and CycloneDX) to ensure compliance, facilitate audits, and improve security visibility across the supply chain.

Visit the changelog for previous feature releases and continuous updates every 2 weeks. Please note that changelog items are ordered based on publication date, not product availability.