Secure & Compliant Builds Using the Pipeline Plugin in Jenkins 2.0+

To give teams more control and flexibility, Jenkins merged the legacy workflow aggregator plugin into its core automation scheduler for all 2.0+ versions earlier this year. This pipeline functionality makes the overall deployment cycle more durable and extensible, with added agility in each step.

 Stage View for Jenkins

At Jenkins World 2016, Jenkins released figures showing a three-fold rise in adoption of its 2.0+ pipeline, creating the need for Black Duck to add a security and compliance layer around this new orchestration scheme. The Black Duck Hub plugin for Jenkins now supports Jenkins 2.0 and the pipeline functionality.

Jenkins Pipeline Hub Pipeline

The Black Duck Hub plugin allows our users to run a post-build Hub scan with the goal of enforcing secure & compliant releases. The plugin leverages the Hub’s policy management module, which includes a robust rules engine that can be configured at the enterprise level and enforced at different stages in the SDLC, including the build stage. The plugin also features an intuitive risk report that shows build results to build managers. This removes the need to install and monitor multiple systems in a release job and helps the company stay agile all the way from ‘Dev’ into ‘Ops’ and reach markets faster than anticipated.

Black Duck Risk Report

If you haven’t already, try the Black Duck Hub and explore how our solution helps bridge the gap between ‘Dev’ and ‘Ops.’ 

