Onboard
Introduction
Users
Teams
Introduction
IntroductionPromote an image in Amazon ECRRetrieve an object from Amazon S3Store an object on Amazon S3Copy Docker images with CraneDownload a file from JFrog ArtifactoryMove or copy an image from JFrog ArtifactoryUpload a file to JFrog ArtifactoryRegister a build artifactRegister a deployed environment artifact
IntroductionCreate or update a functionInvoke a function
IntroductionRun an AWS CodePipelineRun a Bamboo projectRun a Bitbucket pipelineRun a CloudBees CI jobRun a CircleCI workflowRun a GitHub Actions workflowRun a GitLab pipelineRun a Harness pipelineRun a Jenkins® jobRun a JFrog pipelineBuild and publish Docker images with KanikoRun a TeamCity project
Check out a Git repository
IntroductionAWS credentialsECR credentialsEKS credentialsGit global credentialsOCI credentials
IntroductionRun Ansible PlaybookDeploy with Argo WorkflowsDeploy with AWS CodeDeployDeploy a binary with Amazon EC2Deploy to ECSRender an Amazon ECS task definitionDeploy with AWS Elastic BeanstalkDeploy with HerokuDeploy with OctopusDeploy with OpenShiftDeploy with SpinnakerDeploy with Tosca
Publish evidence items
IntroductionHelm chart installHelm chart packageHelm chart publishHelm chart uninstall
IntroductionCreate a Kubernetes namespaceCreate/update a Kubernetes resourceDeploy to a Kubernetes cluster
IntroductionVerify with NewRelic
Execute remote commands via SSH
IntroductionAnchoreAquasecJFrog XraySnyk ContainerSonatype (Nexus) ContainerTrivy
IntroductionStackhawkZAP
IntroductionCheckmarxCoverity on PolarisFind Security BugsGitHub Security ScannerGosecMendNexus IQSnykSonarQube bundledSonarQube
IntroductionBlack DuckMendSnyk
IntroductionTruffleHog ContainerTruffleHog CodeTruffleHog S3
IntroductionCreate a change requestUpdate or close a change requestGet a change request current stateQuery a change request approval
Publish test results
Multi-workflows dispatch
Introduction
Manage workflows
Introductioncloudbees and other context objectsenvnameonjobs.<job_id>.delegates.<job_id>.env.<job_id>.environment.<job_id>.if.<job_id>.needs.<job_id>.outputs.<job_id>.permissionsjobs.<job_id>.uses.<job_id>.services.<job_id>.services.<service_id>.services.<service_id>.args.services.<service_id>.env.services.<service_id>.imagejobs.<job_id>.steps.<job_id>.steps[*].id.<job_id>.steps[*].env.<job_id>.steps[*].if.<job_id>.steps[*].name.<job_id>.steps[*].run.<job_id>.steps[*].shell.<job_id>.steps[*].uses.<job_id>.steps[*].with.<job_id>.steps[*].with.args.<job_id>.steps[*].with.entrypoint.<job_id>.steps[*].timeout-minutesjobs.<job_id>.timeout-minutes
An example workflow
Reusable workflows
Personal access tokens
Trigger a workflow using an API
IntroductionManual approval
CI insights for Jenkins
Introduction
Learn about feature management
Create flags in code
Create/manage flags in the UI
Namespaces and labels
Configure feature flags
Audit history
Configuration as code
Flag impressions and activity status
Code references
Properties, custom properties, and target groups
Enabling secret mode
IntroductionAndroid / Android TV / Fire TVC/C++ (client-side)C/C++ (server-side)GoJavaJavaScript (browser) / Chromecast / TizenJavaScript SSR.NET/C#Node.jsiOS / tvOSPHPPythonReact NativeRuby
IntroductionClient-side AndroidClient-side C ClientClient-side C++ ClientClient-side JavaClient-side JavaScript (browser)Client-side .NET/C# clientClient-side Objective-CClient-side React NativeClient-side SwiftServer-side CServer-side C++Server-side GoServer-side JavaServer-side .NET/C#Server-side NodeJSServer-side PythonServer-side PHPServer-side RubyBoth client-side and server-side JavaScript SSR
IntroductionAngular appDjango appGin app.NET Core appReact appSpring Boot app

Manage security tools

3 minute read

CloudBees platform integrates third-party security tools, such as SAST or DAST scanners, for use in implicit security assessments. These tools are activated and reviewed from the Marketplace.

The Marketplace can be accessed at organization level, or at component level. Enable or disable tools at organization level, and review the status of each tool at component level.

To access the Marketplace:

  1. Select an organization. Optionally, select a component.

  2. Select Security  Marketplace.

ASPM Marketplace
Figure 1. ASPM Marketplace

  1. Select to filter tools by Category, Tags, or Tooling, or clear all filters.

  2. Search for a security tool.

  3. Select to toggle implicit security assessment. Disabling implicit security assessment turns off automatic security analysis for all the components associated with the selected organization and its sub-organizations.

  4. Select to enable or disable security tools. This can only be done at organization level.

Only users with the Admin user role in the organization can enable or disable security tools.

Organization hierarchy, and override records

Enabling or disabling a security tool, or implicit security assessment, is done at the organization level. Changes made to the root organization affect all of its child organizations. Below root-organization level, changes made to an organization create an override record, such that changes to its parent won’t affect that organization.

For example, in the image below, enabling a security tool for the Root organization would enable it for all three child organizations. If you then disabled it for Child organization 1, it would also disable it for Child organization 3.

Activating a different security tool for Child organization 1 would activate it for Child organization 3, unless that tool had already been deactivated for Child organization 3, which would have created an override record.

Organization hierarchy
Figure 2. Organization hierarchy
Disabling a security tool for the root organization disables it for all child organizations, irrespective of override records.

Available security tools

The following security tools can currently be configured on the CloudBees platform:

Code security scanners
Security tool Description Supported languages Explicit or implicit Scan type Installation type

Black Duck SCA

Scans open-source dependencies for known vulnerabilities and license risks.

Supported languages

Explicit

Code

Both single and multi tenant

Checkov

Scans cloud infrastructure configurations, including Terraform and Cloud Formation scripts.

Supported IAC types

Implicit

Code

Both single and multi tenant

Coverity on Polaris

Enterprise-grade static analysis for code security and quality.

Supported languages

Explicit

Code

Both single and multi tenant

Gitleaks

Scans Git repositories for sensitive content, such as credentials.

N/A (language agnostic)

Implicit

Code

Both single and multi tenant

Gosec

An open source Golang security scanner.

Supported languages

Implicit

Code

Both single and multi tenant

Njsscan

An open source Node.js security scanner.

Supported languages

Implicit

Code

Both single and multi tenant

SCC Scanner

An application software language analyzer. SCC Scanner is enabled on the CloudBees platform by default.

Supported languages

Implicit

Code

Single-tenant

SonarQube

Detects bugs, code smells, and security vulnerabilities across multiple languages.

Supported languages

Explicit

Code

Both single and multi tenant
Binary security scanners
Security tool Description Supported languages Explicit or implicit Scan type Installation type

FindSecBugs

An open source Java security scanner. Used in CloudBees to scan binary .jar files.

Supported languages

Implicit

Binary

Both single and multi tenant

Grype

A vulnerability scanner for container images, SBOMs, and file systems.

Supported languages

Implicit

Binary

Both single and multi tenant

Syft SBOM

Generates software bills of materials (SBOMs) from containers and binaries.

Supported formats

Implicit

Binary

Both single and multi tenant

Trivy

A Docker image scanner that supports OS packages and language-specific dependencies.

Supported languages

Implicit

Binary

Both single and multi tenant
Security overview
Code and binary security analysis