Here we are again with the amazingly cool stuff in Eficode ROOT:

  1. Eficode ROOT Team Management
  2. Java 11 in Jenkins
  3. New perks in JFrog
  4. GitLab 15.5 in Eficode ROOT
  5. SonarQube picks up speed and accuracy

Eficode ROOT Team Management focuses on directory synchronization improvements with the November release of 2.5.0.

Flexible directory synchronization

Synchronizer improvements in this release allow more flexibility for Azure Active Directory (AAD) and MS Active Directory (AD) directory synchronization.

It is now possible to skip the group synchronization altogether with Azure Active Directory (AD). Cutting the synchronization can be very useful when you want your Eficode ROOT users provisioned and authorized via Azure AD while delegating the project role and group management to the projects themselves in a truly Agile fashion.

And for nested groups in both Azure AD and AD, it’s now possible to have them flattened during synchronization to Team Management. Instead of retrieving the whole hierarchy and all related groups, you can only synchronize the memberships in a particular group, whether those memberships in the original directory are direct or indirect through nested group hierarchies.

The updated synchronizer can now retrieve user account information from multiple discrete Active Directory OUs in one go, allowing very tightly scoped user account synchronization with complex directory structures.

And there’s more

This release of Team Management also delivers enhancements to the web UI functionality. Users can now correctly access the /recoverpassword endpoint even if they still have a valid Team Management login session. And even better, there’s a new password reset functionality in the web UI Profile view, should you ever forget your Team Management password while still logged in.
 

The group description and member count are now visible on the main group listing view, making it easy to find precisely the right group.

All bot accounts and their purpose can be made clear to everyone using the new Description field, available from RTM 2.5.0 onwards.

_rtm_1

Please navigate our documentation at docs.eficode.io to see the complete release notes or learn more about Eficode ROOT Team Management.

 

 

It’s happening! And it’s going to be even more anticlimactic than you’d think.

Java 8 support is no longer in the Core

The time has come. The November update to 2.361.2 LTS will remove Java 8 support from Jenkins Core. Chances are you won’t even notice it, quite frankly.

If you still have legacy-ish Maven Project jobs requiring Java 8 to run, you’ll have some work to do. Please check out our September 2022 Eficode ROOT release blog, where we got down to the nitty-gritty surrounding the Java version change.

Plus, the usual monthly updates

In addition to the Jenkins LTS Core update, there’s the usual round of plugin fixes, enhancements, and compatibility updates related to the updated LTS. Nothing major, nothing drastic, and no relevant breaking changes indicated by their respective change logs.


As always, don’t hesitate to contact the friendly Eficode ROOT support team for a list of updates specific to your Jenkins instance.

Artifactory and Xray bump to 7.46 and 3.59 on this froggy November. There are various enhancements to Artifactory, OCI image and Conda package support, and a native M1 version of the on-demand scanner for Xray.

WebUI for Scoped Tokens

Previously you could only create Scoped Tokens using the REST API endpoint, but with this release, you’ll get a neat Web User Interface for managing the tokens.

_jfrog_1

Access Tokens UI in Artifactory 7.46.9

You can find the new UI by navigating Administration -> User Management -> Access Tokens.

Check out the Access Tokens documentation at jfrog.com to learn more about managing tokens on the JFrog Platform.

On-demand scanning natively on M1

Running M1 iron on your workstation? Good news! 

Xray on-demand scanning executable now runs natively on M1 with no need for Rosetta 2 emulation. When you execute an on-demand scan with JFrog CLI, it’ll automatically download the new native binary from the Xray server. Nice!

New additions to Xray repertoire

Starting with this release, Xray can find vulnerabilities in your OCI images when deployed to an Artifactory Docker repository.

This release of Xray also supports scanning the contents of a Conda package. While Conda is a language-independent, general-purpose package manager, the Xray support (at least for the time being) focuses on scanning Python packages and their dependencies within a Conda package. For bundled Python packages, Xray can provide the full suite: security vulnerabilities, license compliance, and operational risk.

It is worth noting that the JFrog UI will display zero security vulnerabilities for unsupported packages bundled within a Conda package.

Miscellaneous department

This release of Artifactory also delivers various other improvements, such as those made to the AQL internal search mechanisms, which should result in speedier queries overall. Indexing the Helm Chart repository has also become faster.

Web UIs have also been enhanced through improvements to the loading times of Groups and Permissions administration screens and enabling new sorting and searching options in user management tables.

For an overview of all changes and fixes in our November JFrog release, please see the official release notes:

GitLab 15.5 arrives on the Eficode ROOT Platform in November, and it’s not short on new features this month either.

Embrace the cloud with GitLab Cloud Seed

GitLab Incubation Engineering department has been partnering with Google Cloud since December 2021, with a vision of developing solutions to help customers accelerate cloud adoption within their organization.

Cloud Seed is an open-source program led by the Incubation Engineering team in collaboration with Google Cloud, showcasing some of this partnership’s results.

Cloud Seed features are part of the GitLab Web UI. It allows developers seamless and frictionless access to consuming Google Cloud services for an automated delivery pipeline tightly integrated with GitLab CI/CD capabilities. Cloud Seed’s easy-to-use and the accessible format makes setting up preview environments a breeze. It supports Service Accounts, Cloud Run, and Cloud SQL.

To learn more about Cloud Seed and how it could help accelerate your development, look at the Cloud Seed documentation on gitlab.com or check out the excellent "Preview Environments on GitLab with ⛅🌱 Cloud Seed" demonstration video on GitLab’s YouTube channel.

Email notifications for 2FA failures

This improvement may be a small one - with potentially a significant impact. You can - and most certainly should - safeguard your GitLab account by enabling two-factor authentication (2FA). Even if an attacker somehow manages to get your username and password, the one-time password (OTP) used with two-factor authentication will likely stop them.

That said, up until GitLab 15.5, you would not have necessarily known something highly questionable was happening in the shadows. You’ll get an immediate email notification if someone enters an incorrect OTP code.

Import more from GitHub

Thinking of moving to GitLab, but the thought of leaving PR and issue event history behind has been putting you off from doing so? Well, you’ll need to devise another set of excuses now!

While it has been possible to import Pull Requests and issues over to GitLab, you had to make compromises. With this release of GitLab, the GitHub Project Importer receives new functionality for no-compromises migration.

The project importer can now import the following Pull Request events to Merge Request metadata:

  • Closed or reopened.
  • Labeled or unlabeled.
  • Review requested or review request removed.
  • Assigned or unassigned.
  • Edited.

And with the issue events history, the set of events supported are similar to that of Pull Requests – closed or reopened, labeled or unlabeled, milestone added or removed, assigned or unassigned, cross-referenced and renamed.

Check out the GitLab 15.5 release announcement on gitlab.com for more details on the GitHub Project Importer improvements!

And a lot more

As always, you can find the complete and very detailed list of changes for GitLab 15. on the GitLab 15.5 release announcement on gitlab.com.

SonarQube 9.7 speeds up analysis, improves accuracy, and - yet - becomes more helpful. More is more.

Faster

SonarQube 9.7 continues the 9.x tradition of making things happen quickly. This time around, it’s the turn for COBOL and for JavaScript and TypeScript PR analysis to get some extra speed. Both receive a new cache treatment, scanning only changed files for each PR. All this is proven to improve scan times by 40% on average, with up to 80% on large projects.

Better

This release of SonarQube brings neat new features for Python developers. There are new test case rules unique to the Sonar ecosystem, which can help developers to improve their test quality on unit test and pytest frameworks. Python analysis now covers three new critical bugs that can cause unwanted application crashing or behavior.

Check out these Sonar Community posts for more information on the Python improvements:


And for the cloudy Pythonista, this release of SonarQube also delivers 16 new rules for ensuring your AWS CDK use is safe and sound: nine rules to cover encryption at rest and in transit, four rules focusing on public access, network and firewalls, and three new rules to tackle permission and access control.

Nicer

And for those on commercial SonarQube plans, further user experience improvements are delivered by the 9.7. In the rules UI, it’s now possible to highlight the differences between the compliant and noncompliant code samples, making things more straightforward than before. Most Java and C# taint analysis rules take advantage of this new possibility, with extensions to other rules to come in future SonarQube releases.

The educational content related to Java and C# taint analysis rules is now more comprehensive. The new content helps developers understand why and how to write clean code.

Published: November 8, 2022

Eficode ROOT