CloudBees Unify changelog

Bidirectional Jira integration for the Applications > Security center

(Release ID: 2.0) New feature

Applications > Security center now integrates bidirectionally with Jira to track security remediation work. Organization admins configure the Jira connection, priority mappings, and webhooks at the organization level. Application owners then link their applications to Jira projects and define status and issue type mappings.

When a security finding is marked as "Fix required," a Jira issue is automatically created and synced for status changes, including justification comments from triage or review. Updates from Jira are reflected back in the Applications > Security center when issues move to "In progress."

Star priority assets in Applications > Security center

(Release ID: 2.0) New feature

You can now mark key assets as "starred" (priority) in Applications > Security center to quickly filter and focus on them. Star assets from lists or detail pages, then use filters to show only your starred items. Starred indicators appear throughout the Security center to help you track priority assets. This is especially useful in environments with hundreds or thousands of services.

View the language composition of components within CloudBees Unify

(Release ID: 2.0) New feature

Code repositories in CloudBees Unify now display their language composition to help you understand the technology mix when assessing security posture and risk. A stacked bar chart shows the top five languages by percentage, with the remaining languages grouped as "Others."

Language composition appears in:

Language data is available for GitHub and GitLab repositories. Bitbucket and Gerrit are not currently supported due to API limitations.

Action names are now visible in the runtime view

(Release ID: 2.0) Feature enhancement

The runtime view now shows the names of the actions used in each workflow step, making it easier to identify which actions ran in a job.

CloudBees CI and Jenkins integration experience enhanced

(Release ID: 2.0) Feature enhancement

The single controller integration workflow for connecting CloudBees CI and Jenkins controllers to CloudBees Unify now includes an updated controller status list and other enhancements for a more intuitive experience.

References:

Message subscription mechanism updated for application releases

(Release ID: 2.0) Feature enhancement

The message subscription mechanism used internally for application releases has been updated for better control over message processing and improved performance

In rare cases, if release workflows were being updated at the exact moment of the system update, the list of available release workflows for an application might not reflect the latest changes due to lost messages. If you encounter issues with the release workflow list, contact CloudBees support.

Added Snyk SCA integration for automatic vulnerability scanning

(Release ID: 1.0) New feature

Integrated Snyk SCA to automatically scan code repositories for open source library vulnerabilities, misconfigurations, and license compliance issues. When enabled through the Security > Marketplace, Snyk SCA runs during code security analysis without requiring workflow modifications or CI/CD engine dependencies.

How it works:

Enable Snyk SCA through the Security > Marketplace, and scans run automatically when code security analysis is triggered, such as during component creation or after commits. Security insights appear directly within CloudBees Unify without workflow changes or manual triggers required.

Introduced new explicit workflow action for Snyk SCA scanning

(Release ID: 1.0) New feature

Introduced a new explicit workflow action for Snyk SCA scanning, enabling direct software composition analysis within workflows. This action is available in both CloudBees Unify Actions and as a GitHub Actions wrapper, allowing organizations to scan code repositories for open source library vulnerabilities, misconfigurations, and license compliance issues.

How it works:

Add the Snyk SCA action to your workflow by selecting it from Actions in the UI, or by invoking the GitHub Actions wrapper. When the workflow runs, the action performs software composition analysis and the GitHub Actions wrapper automatically returns results to CloudBees Unify, where security insights appear directly.

Introduced new explicit workflow action for Snyk Infrastructure-as-Code (IaC) scanning

(Release ID: 1.0) New feature

Introduced a new explicit workflow action for Snyk IaC scanning, enabling direct Infrastructure-as-Code (IaC) security analysis within workflows. This action is available in both CloudBees Unify Actions and as a GitHub Actions wrapper, allowing organizations to scan for vulnerabilities and misconfigurations in Terraform, OpenTofu, and other supported IaC languages.

How it works:

Add the Snyk IaC action to your workflow by selecting it from Actions in the UI, or by invoking the GitHub Actions wrapper. When the workflow runs, the action performs IaC security analysis and the GitHub Actions wrapper automatically returns results to CloudBees Unify, where security insights appear directly.

Enhanced CloudBees CI and Jenkins artifact registration to include commit details

(Release ID: 1.0) Feature enhancement

Enhanced the registerBuildArtifactMetadata step in CloudBees CI and Jenkins pipelines to support commit details association. Pipeline authors can use commit information from the build context or supply custom source code commit information when publishing artifact versions. Artifacts can also be associated with a different CloudBees Unify component than the workflow location.

References: