Secure & Compliant Builds Using the Pipeline Plugin in Jenkins 2.0+


In a bid to introduce more control and flexibility, Jenkins merged the legacy workflow aggregator plugin into its core automation scheduler for all versions 2.0+ earlier this year. This pipeline functionality helps make the overall deployment cycle more durable and extensible with added agility in each step.

 Stage View for Jenkins

At Jenkins World 2016, Jenkins released figures showing a three-fold rise in adoption of its 2.0+ pipeline, creating the need for Black Duck to add a security and compliance layer around this new orchestration scheme. The Black Duck Hub plugin for Jenkins now supports Jenkins 2.0 and the pipeline functionality.

Jenkins Pipeline Hub Pipeline

The Black Duck Hub plugin allows our users to run a post-build Hub scan with the goal of enforcing secure & compliant releases. The plugin leverages the Hub’s policy management module. Specifically, it includes a robust rules engine that can be configured at the enterprise level and can be enforced at different stages in the SDLC including the build stage. This Hub plugin also features an intuitive risk report to showcase build results for build managers. This removes the need for installing and monitoring multiple systems in a release job and helps the company stay agile all through ‘Dev’ into ‘Ops’ and reach markets faster than anticipated.

Black Duck Risk Report

If you haven’t already, try the Black Duck Hub and explore how our solution helps bridge the gap between ‘Dev’ and ‘Ops.’ 


