January 2026
Added Snyk SCA integration for automatic vulnerability scanning
(Release ID: 1.0) New feature
Integrated Snyk SCA to automatically scan code repositories for open source library vulnerabilities, misconfigurations, and license compliance issues. When enabled through the Security Marketplace, Snyk SCA runs during code security analysis without requiring workflow modifications or CI/CD engine dependencies.
How it works:
Enable Snyk SCA through the Security Marketplace, and scans run automatically when code security analysis is triggered, such as during component creation or after commits. Security insights appear directly within CloudBees Unify without workflow changes or manual triggers required.
Introduced new explicit workflow action for Snyk SCA scanning
(Release ID: 1.0) New feature
Introduced a new explicit workflow action for Snyk SCA scanning, enabling direct software composition analysis within workflows. This action is available in both CloudBees Unify Actions and as a GitHub Actions wrapper, allowing organizations to scan code repositories for open source library vulnerabilities, misconfigurations, and license compliance issues.
How it works:
Add the Snyk SCA action to your workflow by selecting it from Actions in the UI, or by invoking the GitHub Actions wrapper. When the workflow runs, the action performs software composition analysis and the GitHub Actions wrapper automatically returns results to CloudBees Unify, where security insights appear directly.
Introduced new explicit workflow action for Snyk Infrastructure-as-Code (IaC) scanning
(Release ID: 1.0) New feature
Introduced a new explicit workflow action for Snyk IaC scanning, enabling direct Infrastructure-as-Code (IaC) security analysis within workflows. This action is available in both the CloudBees Unify Actions and as a GitHub Actions wrapper, allowing organizations to scan for vulnerabilities and misconfigurations in Terraform, OpenTofu, and other supported IaC languages.
How it works:
Add the Snyk IaC action to your workflow by selecting it from Actions in the UI, or by invoking the GitHub Actions wrapper. When the workflow runs, the action performs IaC security analysis and the GitHub Actions wrapper automatically returns results to CloudBees Unify, where security insights appear directly.
Enhanced CloudBees CI and Jenkins artifact registration to include commit details
(Release ID: 1.0) Feature enhancement
Enhanced the registerBuildArtifactMetadata step in CloudBees CI and Jenkins pipelines to support commit details association. Pipeline authors can use commit information from the build context or supply custom source code commit information when publishing artifact versions. Artifacts can also be associated with a different CloudBees Unify component than the workflow location.
References: