The CloudBees Platform just turned one. Since launch, our product and engineering teams have been busy developing new features to enhance security, performance, and reliability. Each month, we’ll recap the latest features and functionality you have available.
Enhance security and adhere to compliance requirements using Managed VPC
We’ve rolled out a new hosting model for customers that require dedicated infrastructure.
CloudBees Managed VPC is a single-tenant model that provides organizations with a dedicated instance of the CloudBees platform owned and managed by CloudBees and hosted on AWS. It is designed for enterprises handling sensitive information or who operate in industries requiring data storage and access requirements to meet compliance.
CloudBees Managed VPC allows extra network flexibility for customers with requirements not met by multi-tenant. For instance, it will enable the CloudBees platform to reach your private network without fear that other tenants can access your networking settings.
Give your SREs control over when workflows run
Scheduled workflow triggers offer the latest mechanism for running workflows in the CloudBees platform. They are designed to automate software delivery processes on a scheduled date and time without human intervention. Examples of tasks that warrant scheduling include security patches and updates, system backups, and infrastructure health checks.
Scheduling these tasks in advance allows SRE teams to plan around low-traffic periods to reduce the impact on end users. They improve the resilience of the overall system with consistent maintenance and shorten incident response times. These support SRE teams in maintaining robust and secure systems that enhance customer satisfaction.
Conquer alert storms with centralized security insights
The State of Cloud Native Security 2024 report states that organizations use, on average, 16 cloud security tools. This generates 1000s of alerts daily, which can be crippling for SecOps teams to analyze. This leads to 38% of respondents attributing “noise” to delays and 90% wanting better risk prioritization.
CloudBees helps address these challenges in a streamlined view through our Security Center, which provides a single location to review security issues, findings, and their severity. It automatically triggers an implicit security analysis whenever you create a component or commit changes to the repository linked to a component. The scan details are displayed with a rich context, such as the line of code where a security issue is discovered and details from the security tool, including reference links and remediation suggestions.
The security center helps SOC analysts make sense of alert storms by quickly categorizing them based on severity. By proactively addressing security issues, you can limit downtime to improve your brand reputation for existing and prospective customers.
Introducing 3rd party marketplace for implicit security scanning tools
CloudBees Platform integrates third-party security tools, such as SAST or DAST scanners, for use in implicit security assessments. These tools are activated from the Marketplace.
Our initial release includes open-source scanners, including Gitleaks, Scc, Njsscan, Gosec, Trivvy, FindSecBugs, Grype, and Syft SBOM. Our integrations will be updated regularly to support the most common security tools.
What’s next
We will continue this blog monthly to keep you up-to-date on the latest features. Our November edition will be released in December, expanding into feature management, continuous deployment, and more.
Visit the changelog for previous feature releases and continuous updates every 2 weeks. Please note that changelog items are ordered based on publication date, not product availability.