Onboard
Introduction
Users
Teams
Introduction
IntroductionPromote an image in Amazon ECRRetrieve an object from Amazon S3Store an object on Amazon S3Copy Docker images with CraneDownload a file from JFrog ArtifactoryMove or copy an image from JFrog ArtifactoryUpload a file to JFrog ArtifactoryGet artifact detailsRegister a build artifactRegister a deployed environment artifact
IntroductionCreate or update a functionInvoke a function
IntroductionRun an AWS CodePipelineRun a Bamboo projectRun a Bitbucket pipelineRun a CloudBees CI jobRun a CircleCI workflowRun a GitHub Actions workflowRun a GitLab pipelineRun a Harness pipelineRun a Jenkins® jobRun a JFrog pipelineBuild and publish Docker images with KanikoRun a TeamCity project
Check out a Git repository
IntroductionAWS credentialsECR credentialsEKS credentialsGit global credentialsOCI credentials
IntroductionRun Ansible PlaybookDeploy with Argo WorkflowsDeploy with AWS CodeDeployDeploy a binary with Amazon EC2Deploy to ECSRender an Amazon ECS task definitionDeploy with AWS Elastic BeanstalkDeploy with HerokuDeploy with OctopusDeploy with OpenShiftDeploy with SpinnakerDeploy with Tosca
Publish evidence items
Fetch secrets from CyberArk Conjur
IntroductionHelm chart installHelm chart packageHelm chart publishHelm chart uninstall
IntroductionCreate a Kubernetes namespaceCreate/update a Kubernetes resourceDeploy to a Kubernetes cluster
IntroductionVerify with NewRelic
Execute remote commands via SSH
IntroductionAnchoreAquasecJFrog XraySnyk ContainerSonatype (Nexus) ContainerTrivy
IntroductionStackhawkZAP
IntroductionCheckmarxCheckovCoverity on PolarisFind Security BugsGitHub Security ScannerGosecGrypeMendNexus IQnjsscanSnykSonarQube bundledSonarQube
IntroductionBlack DuckMendSnyk
IntroductionGitleaksTruffleHog ContainerTruffleHog CodeTruffleHog S3
IntroductionCreate a change requestUpdate or close a change requestGet a change request current stateQuery a change request approval
Publish test results
Multi-workflows dispatch
Introduction
Manage workflows
Introductioncloudbees and other context objectsenvnameonpermissionsjobs.<job_id>.<job_id>.delegates.<job_id>.env.<job_id>.vars.<job_id>.secrets.<job_id>.environment.<job_id>.if.<job_id>.needs.<job_id>.outputs.<job_id>.permissionsjobs.<job_id>.uses.<job_id>.services.<job_id>.services.<service_id>.services.<service_id>.args.services.<service_id>.env.services.<service_id>.imagejobs.<job_id>.steps.<job_id>.steps[*].id.<job_id>.steps[*].env.<job_id>.steps[*].if.<job_id>.steps[*].name.<job_id>.steps[*].run.<job_id>.steps[*].shell.<job_id>.steps[*].uses.<job_id>.steps[*].with.<job_id>.steps[*].with.args.<job_id>.steps[*].with.entrypoint.<job_id>.steps[*].timeout-minutesjobs.<job_id>.timeout-minutes
An example workflow
Reusable workflows
Personal access tokens
Trigger a workflow using an API
IntroductionManual approval
Connect a repositoryCreate a workflowRun a scanPublish an image
Introduction
Learn about feature management
Create flags in code
Manage multiple SDK keys in your application
Create/manage flags in the UI
Namespaces and labels
Configure feature flags
Feature management custom roles
Flag approval requests and reviews
Audit history
Configuration as code
Flag impressions and activity status
Code references
Properties and custom properties
Target groups
Enabling secret mode
IntroductionAndroid / Android TV / Fire TVC/C++ (client-side)C/C++ (server-side)GoJavaJavaScript (browser) / Chromecast / TizenJavaScript SSR.NET/C#Node.jsiOS / tvOSPHPPythonReact NativeRuby
IntroductionClient-side AndroidClient-side C ClientClient-side C++ ClientClient-side JavaClient-side JavaScript (browser)Client-side .NET/C# clientClient-side Objective-CClient-side React NativeClient-side SwiftServer-side CServer-side C++Server-side GoServer-side JavaServer-side .NET/C#Server-side NodeJSServer-side PythonServer-side PHPServer-side RubyBoth client-side and server-side JavaScript SSR
IntroductionAndroid appAngular appDjango appGin appJava Spring Boot app.NET Core appReact appSwift iOS app

Shared responsibility model

3 minute read

What is a shared responsibility model?

A shared responsibility model in a cloud environment is a formal framework that clearly defines and divides security and compliance duties among the different parties involved in a cloud service relationship. When a Software as a Service (SaaS) provider builds its application on a public cloud (such as AWS), the model becomes a three-party agreement that allocates responsibility based on who has operational control over each component of the service stack. This can be defined as follows:

  • The cloud service provider (AWS) assumes responsibility for the security of the cloud, maintaining the physical hardware, host operating system (OS), and global network resilience (disaster recovery for the core infrastructure).

  • The SaaS provider (CloudBees platform) is responsible for the security of the application and platform, which includes all application code, patch management, managing the AWS environment configurations (virtual private clouds (VPCs), and firewalls), service continuity planning, and incident response for software vulnerabilities.

  • You (the customer) retain accountability for security in the application, including all data ownership, user access management (multi-factor authentication (MFA) enforcement), configuring granular security settings, and implementing a third-party data recovery strategy for accidental or malicious deletion.

Table 1. Detailed responsibilities
Responsibility area Cloud service provider (AWS) SaaS provider (CloudBees platform) Customer (you)

Physical security

Global infrastructure, data centers, hardware, networking, and physical facilities.

Not applicable. Inherited from AWS.

Not applicable.

Core infrastructure

Security of the cloud, including the virtualization layer, host operating system, and base network security.

Configuration of the AWS-provided infrastructure (for example, VPCs, security groups, IAM for the AWS account).

Not applicable.

Application & code

Not applicable.

The core SaaS application, its code, deployment, maintenance, updates, and web application firewalls (WAF). Guidance on secure usage of the product.

Configuration of the application.

Patch management

Patching the underlying hardware and host operating system.

Patching the guest operating systems (if using IaaS), middleware, runtime environments, and the SaaS application itself.

Not applicable.

Identity & access management (IAM)

Availability of AWS IAM and core service endpoints.

Application’s user access service, including user roles and permissions, and access to infrastructure by CloudBees employees.

Managing user accounts, secrets, passwords, enabling/enforcing MFA, single sign-on (SSO), integrations, and user behavior.

Data & encryption

Providing encryption tools (for example, KMS, EBS/S3 encryption features).

Implementing data classification policies, configuring encryption settings (at rest/in transit).

Data ownership, data quality, legal/regulatory compliance (for example, GDPR, HIPAA), and controlling data-sharing permissions within the application.

Monitoring & logging

Provides the raw infrastructure logging capabilities/tooling (for example, CloudTrail and CloudWatch logs).

Collecting, analyzing, and acting on logs, tool configuration, establishing threat detection, and providing security incident response for the SaaS application.

Monitoring your own user activity, usage, and reporting suspicious behavior to CloudBees platform.

Incident management

Detecting and resolving incidents affecting the underlying AWS infrastructure.

Detecting, containing, and remediating incidents within the application or its managed cloud environment. CloudBees must notify customers of security incidents impacting their data.

Incident response actions related to your employees, endpoints, or credentials (for example, disabling compromised user accounts and initiating local device forensic analysis).

Disaster recovery

Resilience and recoverability of the AWS Rrgion/service itself (for example, availability zones and region failover for core services).

Maintaining service level agreement (SLA) continuity through application-level disaster recovery (DR) planning, multi-region failover, and ensuring RTO/RPO for the application’s overall function.

Responsible for your own data backup and recovery plan for individual data loss events (for example, accidental or malicious deletion). You may need a third-party backup solution for granular recovery.
This shared responsibility model is provided for informational purposes only and is not intended to be exhaustive. This document provides an overview of general principles and does not supersede the specific terms, conditions, and security obligations outlined in the CloudBees Subscription and Services Agreement and CloudBees Terms of Service (TOS).
Support policies
Supported browsers and external tools