Embed Security into Delivery Pipelines and Workflows

Go faster while making code and applications more secure.





I had the opportunity to speak with Sacha Labourey, CEO, CloudBees prior to their DevOps World user conference. During the opening keynote, Sacha talked about how companies today are pursuing digital transformation initiatives more aggressively, moving to the cloud, and adopting automation.


This acceleration has made DevSecOps critical to the transition since it enables companies to move faster while embedding security in every part of the SDLC. As such, CloudBees announced new DevSecOps capabilities for continuous integration (CI) and continuous delivery (CD) environments.


The new capabilities enable customers to perform early and frequent security checks and ensure that security is an integral part of the whole software delivery pipeline workflow without sacrificing speed or increasing risk. New functionality includes integration of feature flag capabilities within the CI and CD environments, enhanced Role-Based Access Control, and more robust disaster recovery capabilities.


Users get access to several layers of security in the software delivery process. Rather than manually incorporating security steps on an ad hoc basis as a last step in the release process, security is in the software process from code to production. The new security features automate processes with proven integrations, audit-ready pipelines, and the ability to instantly mitigate defective code.


“Companies need to innovate faster, but if they don’t integrate security early and often they expose themselves to a number of risks,” said Shawn Ahmed, Senior Vice President and General Manager, Software Delivery Automation, CloudBees. “With CloudBees they can remove those risks. Tapping the power of our market-leading CI and CD solutions, they can keep moving at high speed with full confidence that their code is secure in development, secure in delivery, and secure in production.”


Security is typically implemented late in the software delivery process, just prior to deployment to production. Disjointed tools and processes leave teams unsure if proper security gates have been passed. Lack of integrated tooling and systems force teams to scramble to manually cobble together reports to meet audit and compliance requests.


CloudBees addressed legacy challenges by building the following security functionality into its products:

  • Feature flag integration – New features can be pushed to production following an automated process. If issues crop up in production, that specific feature can be immediately pulled back, and full traceability of what happened automatically provided.

  • Enhanced granularity in Role-Based Access Control – Fine-grained permissions are able to be set by the team, user, and even at the file level to ensure only authorized users access project assets, as needed, to perform their job. New capabilities released in CloudBees CI allow team leaders to manage non-security related configuration settings on their controllers - without granting them the powerful overall/administrator permission.

  • Enhanced backup, restore, and recovery – CloudBees is extending Velero to CloudBees CI for backup, restore, and recovery use cases. Velero is not only a superior solution for disaster recovery use cases but is also purpose-built for Kubernetes. Kubernetes support brings valuable capabilities for cluster migration and portability to CloudBees CI. This technology is already being used in CloudBees CD.

  • Audit-ready pipelines – Hardened audit-ready pipelines ensure only immutable, approved components and environments are used, preventing drift and tampering. This provides full traceability and audit reports in an instant.

  • Hardened CI – CloudBees developed a hardened version of its industry-leading continuous integration solution that meets strict government specifications for security, certified to DoD standards.

  • Proven integrations – Proven integrations to many leading security automation applications, such as Anchore, Alcide.io, CyberArk, Checkmarx, Contrast Security, FOSSA, RunSafe Security, Shiftleft.io, Snyk, Sonatype, Synopsys, WhiteSource Software, and Zimperium provide increased protection against outside risks.

Drop Me a Line, Let Me Know What You Think

© 2020 by Tom Smith | ctsmithiii@gmail.com | @ctsmithiii