What’s new in Eficode ROOT: February 2024

Safeguarding against unapproved releases

You can now configure release approval policies for your deployment environments. Each environment has its own policy setting that controls the requirements for the release: Does the release require explicit approval before it can be deployed to an environment, and whether deploying broken releases is permitted.

Check out the documentation for the Release approval policy to learn more.

Expiring personal access tokens

Using an access token instead of a username/password combination for machine use is preferred whenever possible, as we all know by now. The longer a single PAT lives, the riskier it becomes. We all know this as well. And knowing is half the battle.

With that said, however, I don’t know about you, but at least I could very well describe procrastination as being my comfort zone. That’s why it’s great that I can now set an expiration date for my Bamboo tokens. Nothing beats a hard deadline.

To celebrate the joy of getting an off-putting task finally done, a Bamboo Admin can also choose to enforce the automated expiration with a maximum allowed validity period for all users and tokens created.

The elephant in the room

Our first Confluence and Jira releases for 2024 are a bit different than what we are perhaps more accustomed to in that there are no new features.

The rationale for doing this can be traced back to the end of Server. Both Confluence 8.5.x and Jira 9.12.x are the final releases to run on a Server license—the last hurrah. And this is where our paths separate. Going forward Data Center will receive new versions and new features while the last Servers standing (on extended support) will remain on 8.5/9.12, which we’ve deployed in February.

It’s not all unfamiliar territory, however. There’s the usual abundance of updates to add-on apps as well as a number of bug fixes and other minor enhancements to both applications.

Confluence add-on highlights

ScriptRunner for Confluence

The popular advanced automation engine ScriptRunner for Confluence receives an update from the previous 8.14.0 all the way to version 8.19.0.

This update includes the innovative HAPI interface—already familiar from ScriptRunner for Jira—for a new and simplified way of building Confluence automations in Groovy. HAPI is an API that allows simpler alternatives to Confluence’s regular API for doing common Confluence tasks, such as creating pages or adding labels.

Be sure to check out the user documentation for HAPI to learn more about making your Confluence automation work HAPIer than ever before.

Talk - Advanced Inline Comments 

Talk Inline Comments can quite often end up describing actionable items, but without a meaningful way of highlighting these tasks, they can easily end up lost in discussion threads or are not even recognized as tasks.

The latest and greatest version, 5.0.0 of Talk - Advanced Inline Comments, now has an answer: Talk Tasks.

You can turn any Talk into a task, which is almost like a basic ticket or a service request: You can assign Talk tasks to a person, all tasks can be viewed and filtered through a dedicated UI in your user profile, and all tasks have a status (open or resolved) associated with them.

There’s even a Talk Report macro to turn a Confluence page into an issue tracker.

See the instructions for Talk Tasks on Stiltsoft.com and turn your Confluence into a mini Jira today!

Jira add-on highlights

eazyBI Reports and Charts for Jira

Our February update for the eazyBI add-on for Jira includes the possibility of importing Time to SLA app metrics. If the Time to SLA add-on is present on your Jira Data Center instance, the fields are available in the eazyBI Jira import options.

The DevOps data capabilities have been expanded by making it possible to show additional dimensions for pull requests, builds, and deployments, as well as for environments and releases. There’s also a capability for limited DevOps data import from Bitbucket, Bamboo, and Jenkins.

With the DarkTheme app, embedded reports and Jira wallboards can be displayed in dark theme as well.

Check out the eazyBI for Jira changelog for a full overview of the new features. 

Resolution SAML Single Sign On

The version 6.9.0 of Resolution’s SAML SSO Single Sign On plugin makes it possible to hide the standard login form completely when the IdP selection buttons are enabled. But it’s worth noting that this merely hides the form and doesn't prevent users from using a username and password. To block basic authentication completely, you still need to deny password authentication separately.

It’s also now possible to customize the look and feel of IdP buttons by modifying the IdP Button Page template in the plugin configuration. You can use different HTML to generate the buttons, add text before buttons, and so forth.

Structure by Tempo

The portfolio management add-on Structure by Tempo receives an update to version 9.2.0 which introduces two new integrations: Integration with Planner by Tempo as well as integration with Jira Assets.

The Planner integration allows you to view and manage planned time data within a structure, use planned time data in formulas, generators, and transformations, and aggregate planned time across users, teams, sprints, or any after-Jira field in your Structure hierarchy.

And with the Assets integration, you can use Asset data in formulas, generators, and transformations, edit Asset data in columns, and write Asset custom field data into text fields with Effectors. You can also use dereferencing formulas for various attribute types. Check out the Structure 9.2.0 release notes on ALM Works for a complete overview of the new Assets capabilities. 

Enhanced security for Actions deployment environments

Deployment environments in GitHub Actions can be used to describe general deployment targets as well as implement governance by configuring protection rules to require specific conditions to be met before allowing deployment to a certain environment.

GitHub Enterprise Server 3.11 makes it possible to improve the security of deployment environments by setting up branch protection rules to only allow specific branches to deploy to an environment. It might go without saying, but it’s worth mentioning anyway: The branch protection rules feature also implements protections against any overlapping name tricks. An attempt to deploy from a fork with a matching branch name or by using a tag with the same name as a protected branch won’t fly. These attempts will be blocked.

Administrators for environments can also improve the security of deployments by requiring another person to review and approve the job for it to proceed. You also now have the option to prevent users who initiate the deployment from approving their own deployment jobs by enabling the option Prevent self-review in the environment protection rules.

Deployment history beta

GitHub Enterprise Server 3.11 ships with a public beta of deployment history for deployments done through GitHub Actions and environments.

With the new deployments page for your repository, you can get an overview of various aspects of your deployments, such as the currently active deployments across various environments, full deployment history for your repository, commits that triggered the deployment, and so forth. 

Check out the documentation for viewing deployment history on GitHub to learn more! Please note that as the feature is in its beta phase, it might still change along the way. 

Repository protection rulesets

A ruleset is a named list of rules that apply to a single repository or multiple repositories within an organization. On the surface, rulesets appear to be similar to branch and tag protection rules, and in many ways, they are, but rulesets are not a reimplementation of an existing feature.

Rulesets can be either used alongside the existing protection rules or as a replacement for them. Rulesets offer various advantages over branch and tag protection rules:

• Unlike protection rules, multiple rulesets can apply at the same time. This is called rule layering. If multiple rulesets target the same branch or a tag in a repository, the rules in these rulesets are aggregated into one. And if there are duplications in specific rules, the most restrictive version is applied.
• Rulesets have statuses, making it easy to manage those that are active in a repository without going through delete/add cycles.
• Anyone with read access to a repository can view the active rulesets for the repository. This makes it easier for a developer to see what sort of security constraints are applied without requiring admin access to the repository.

Please refer to the About rulesets on GitHub for more information.

And more

Audit logs for enterprise, organization, and user levels include an expandable view in the web interface to display the full audit log payload for each event. This means you can now see the same full event metadata in both the web interface and via audit log streaming.

There are also a number of updates to GitHub Advanced Security as well as for Dependabot implementation, all of which are conveniently listed on the GitHub Enterprise Server 3.11 release notes.

Enforce 2FA for GitLab admins

With great power comes great responsibility. An administrator account in the wrong hands turns quickly into a weapon. There are simple technical measures you can implement to mitigate the risks tenfold, the main one obviously being multi-factor authentication.

You now have the ability to ensure your GitLab administrators adhere to best practices by enforcing GitLab 2FA for all admins. When the setting is enforced, and if an administrator does not yet have a 2FA configured, they will be prompted to do so upon the next sign-in.

See the Two-factor authentication docs to learn how to enable the enforcement policy.

Cache frequently used Maven packages with dependency proxy

The GitLab dependency proxy is a caching pull-through proxy for packages downloaded off of an upstream package registry.

With the release of GitLab 16.8, the dependency proxy for Maven is made generally available.

Add an external Java repository, such as Maven Central, to your GitLab project, configure your Maven, Gradle, or SBT to use your project’s dependency proxy for those upstream artifacts (see instructions for configuring the client), and off you go.

The first time you pull an upstream artifact through the dependency proxy, it will get imported into the GitLab project. The subsequent requests for the same artifact will then be served from the GitLab cache. Not only does it make your Maven builds pass faster, but it will also add a bit of resiliency against network connectivity issues or such towards the external repository.

The dependency proxy is also smart enough to detect changes in the upstream. If a package changes in the external repository, the one in GitLab’s local cache will be automatically invalidated and the new version from upstream will get downloaded and cached in its stead.

Interested? Check out the dependency proxy documentation to learn more. You can, of course, always reach out to your nearest Eficode ROOT support team too. We are more than happy to help with setting up the dependency proxy for your project.

Support for GCP Secret Manager

Storing secrets in Google Cloud Secret Manager? You’re in for a treat. 

GitLab 16.8 includes a new integration to simplify the interaction between GitLab CI/CD and Google Cloud, making it a breeze to consume secrets from GCP Secret Manager in your build pipelines.

Check out the documentation for using GCP Secret Manager with CI/CD for an overview of the configuration steps required for taking the new integration into use. 

New insights for Value Streams Dashboard

This release of GitLab also ships with enhancements to its analytics capabilities through the Value Streams Dashboard. The Value Streams Dashboard is available on GitLab Ultimate.

For instance, the Issue Analytics report now includes information on the number of closed issues in a month for a more detailed velocity analysis. The report provides a bar chart to visualize the number of issues opened and closed on a monthly basis with a default time span to cover the previous 13 months.

There’s also a new DORA Performers score panel to visualize the status of DevOps performance across different projects within the organization. The new panel displays an overview of the DORA score (high, medium, low) metric for all projects.

Not yet familiar with the Value Streams Dashboard? Check out the introductory video to find out more!

And a lot more

GitLab 16.8 also makes workspaces, originally introduced in beta on 16.0, generally available to everyone. Workspaces are on-demand remote development environments that you can run on your Kubernetes cluster connected to GitLab. Check out the Quickstart guide for workspaces to learn more.

It’s also now possible to enforce a policy to prevent branches from being deleted or set unprotected. There are also improvements to compliance framework management, user and group management on SAML SSO, and much more. Check out the GitLab 16.8 release announcement for extensive coverage. 

Monthly updates

For February, Jenkins Core remains on the familiar 2.246.x LTS patch level, but receives a host of plugin updates.

A new version of the Coverage plugin expands its report format coverage into Windows .NET world with the introduction of OpenCover support. The all-new Robot Framework plugin version 3.5.0 implements support for Robot Framework 7.x output format.

There’s also a large number of smaller incremental enhancements and bug fixes to various plugins.

And as always, please do not hesitate to contact your friendly Eficode ROOT support team for a list of updates specific to your Jenkins installation. The all-plugin architecture of Jenkins makes each and every one of them a bit of a snowflake.

Audit logging additions

This release of Nexus extends the audit log coverage to new events:

• For users using local, LDAP, or Crowd authentication, user login and logout events are now recorded in the audit log.
• For users on SAML authentication, there are also entries recorded for login and logout events, as well as for SAML configuration changes.
• “Clear cache” and “change (server) order” events in LDAP configuration are now recorded in the audit log.
• There are also records for creating, updating, and deleting a routing rule.

Usage metrics for Nexus Repository

The Outreach capability on Nexus Repository has been updated to provide insights into your Sonatype Nexus Repository usage. If you have the capability enabled and your user account has the appropriate nexus:metrics:read privilege, you’ll see a usage breakdown on the welcome page. 

The provided metrics include useful information, such as: 

• The total number of components in your Nexus Repository instance.
• The number of unique logins within the last 30 days.
• Maximum number of requests per minute to repository endpoints across all repositories over the last 24 hours.
• And the peak number of requests per day over the last 30 days.

Please refer to the Usage Metrics documentation to learn more. 

Other enhancements

This release adds support for CocoaPods stored on Google Open Source. There's also now the possibility of filtering the Repositories table by the blob store name. 

Nexus Repository Pro deployments on PostgreSQL also benefit from the new Cleanup Preview experience to help you fine-tune cleanup policies and ensure that important components aren’t unintentionally removed.

There are also a number of other smaller fixes and improvements, all of which are covered in the Release Notes for Nexus Repository.

What’s in store for March?

The forecast for the month of March on Eficode ROOT is all sunny. We are looking at a fresh GitLab 16.9, a brand new feature version for Jenkins Core as well as a round of updates for Artifactory and Xray on the JFrog Platform.

With the brand new SonarQube version 10.4 being released on February 7, Eficode ROOT platforms on the SonarQube current plan will receive the update in March.

There’s also the chance of a brand new Bitbucket to boot!

What about Confluence and Jira?

The jury is still out on whether it’s going to be April or May, but new feature releases for Confluence and Jira Data Center are already in the pipeline. Worry not; we will let you know what and when as soon as we can.