CloudBees Announces New DevSecOps Capabilities for its CI/CD Solutions

CloudBees recently announced a new set of DevSecOps capabilities for its continuous integration and delivery (CI/CD) solutions, including feature flag integration within the CI and CD environments, which the company is billing as an industry first.

The CloudBees CI and CloudBees CD solutions now include capabilities designed to enable customers to perform early and frequent security checks and to ensure that security is an integral part of the entire software delivery pipeline workflow, the company said in a statement. Along with the new feature flag integration, the list of new capabilities includes enhanced Role-Based Access Control and more robust disaster recovery capabilities.

"Companies need to innovate faster, but if they don't integrate security early and often they expose themselves to a number of risks," said Shawn Ahmed, senior vice-president and general manager in CloudBees' Software Delivery Automation group, in a statement. "…Tapping the power of our market-leading CI and CD solutions, they can keep moving at high speed with full confidence that their code is secure in development, secure in delivery and secure in production."

Security continues to be properly considered late in the software delivery process, despite years of evidence that this is bad practice, just prior to deployment to production. Multiple tools and processes not effectively integrated or coordinated also leave teams unsure whether proper security gates have been passed. "Lack of integrated tooling and systems force teams to scramble to manually cobble together reports to meet audit and compliance requests," he company says.

CloudBees is respond to these legacy challenges (and just plain old bad habits) by building security functionality into its products in the following ways:

  • Feature flag integration. Feature flags (also known as feature toggles and feature switches) allow developers and product managers to turn on and off selected bits of code during runtime, without deploying new code. This new capability means that new features can now pushed to production following an automated process.
  • Enhanced granularity in Role-Based Access Control. New capabilities released in CloudBees CI allow team leaders to manage non-security related configuration settings on their controllers, without granting them the powerful overall/administrator permission.
  • Enhanced backup, restore and recovery – CloudBees is extending Velero to CloudBees CI for backup, restore, and recovery use cases. Velero is purpose-built for Kubernetes, which brings valuable capabilities for cluster migration and portability to CloudBees CI. This technology is already being used in CloudBees CD.
  • Audit-ready pipelines. Hardened, audit-ready pipelines ensure only immutable, approved components and environments are used, preventing drift and tampering. This provides full traceability and audit reports in an instant.
  • Hardened CloudBees CI. The company developed a hardened version of its continuous integration solution that meets government specifications for security, certified to DoD standards.
  • Integrations with leading security automation applications. Includes Anchore,, CyberArk, Checkmarx, Contrast Security, FOSSA, RunSafe Security,, Snyk, Sonatype, Synopsys, WhiteSource Software, and Zimperium.

The company made the announcement at its at its first online DevOps World 2020 conference.

About the Author

John K. Waters is the editor in chief of a number of sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS.  He can be reached at [email protected].