In this release note, we’ll walk you through the latest improvements to Eficode ROOT as of October 2020: Eficode ROOT Insights, GitHub Enterprise, GitLab, Jenkins, JFrog, and Xray.
What’s new in Eficode ROOT Insights?
We’ll be rolling out the newest release of Eficode ROOT Insights, version 1.2. It contains refinements to existing implementations of various components and improvements to overall usage of Insights.
See the Eficode ROOT Insights release blog for more information.
What’s new in GitHub Enterprise?
We are planning to release GitHub Enterprise version 2.22 in November. As this is a major update and it will contain some much anticipated feature enhancements, we decided to warn you already a month in advance. Consider yourself warned, then. Right. This is what’s going to happen:
- View all your users
- Pull request retargeting to another branch, so that a pull request follows the changes instead of being closed automatically on merge to another branch
- Suspend and unsuspend an app installation: the capability to temporarily stop a GitHub application from bombarding your environment
- Users and organizations can add Twitter usernames to their GitHub profiles
New beta features
- GitHub Actions on-premise
  - Requires runners and storage solution (AWS S3, Azure Blob Storage and MinIO)
- GitHub Packages
  - Requires storage solution: AWS S3 and MinIO with support for Azure blob
- GitHub Advanced Security Code Scanning Beta
  - GitHub’s native static application security testing tool that can be used to find problems in code before they become apparent. Uses CodeQL as the backend for the analysis.
And a lot more which you can read about on GitHub Enterprise release notes at github.com.
What’s new in GitLab?
GitLab will get an update from the current 13.0 to the latest version available -- 13.4. As usual, the Release blog posts at gitlab.com have extremely detailed explanations of all of the changes, enhancements and new features, hence there is no reason for us to refer to all of that here.
There were some things that caught our eye, more on these below.
There are some narrow breaking changes to Secure Analyzers in GitLab 13.4. If you’ve been using this feature, you might want to have a look at Upcoming GitLab.com narrow breaking changes to Secure Analyzers in GitLab 13.4 post at gitlab.com.
Enhanced and extended security and compliance capabilities
With this release, you can now use secrets stored in HashiCorp Vault directly in your CI/CD jobs as part of the build and deploy process.
Brakeman SAST scanning has been included in GitLab for those developing in Rails.
All 15 of GitLab’s open source based SAST security analyzers have been made available for all GitLab subscription levels. SAST, or Static Application Security Testing, helps developers identify common security issues as code is being developed and mitigate them proactively. Getting started with SAST is now easier than ever: use the new guided SAST configuration, enable Auto DevOps, or add the SAST configuration template to your .gitlab-ci.yml file.
And lots more, like improvements to DAST scanning functionality, Security Dashboard, reports and exports, and the list goes on. Dive into the release notes at gitlab.com for more.
Improve code quality
Code coverage graphs now provide better visibility for developers and managers into how code coverage has been trending over time, by creating a simple graph of the coverage values calculated in pipelines.
Native code intelligence improves the speed and accuracy of code reviews by integrating reference material directly into GitLab.
What’s new in Jenkins?
Jenkins will receive the usual monthly bundle: an LTS version bump to 2.249.1 LTS for Jenkins core, along with a bunch of fixes and updates for some of its plugins. This time around there are some visible changes as well.
Polished look and feel
The Jenkins user interface is treated to a more modern look and feel. Changes include restyled hyperlinks, restyled tables and tabs, a restyled sidebar and accessibility improvements from switching from tables to divs, to name a few. See for yourself!
Finally, a dark theme!
The Continuous Delivery Foundation has incorporated support for user configurable UI themes via a new Theme Manager extension and they’ve come up with something that a lot of us have been hoping for -- a dark theme for Jenkins!
Theme Manager and the dark theme itself are still listed as “alpha” releases - so don’t be alarmed if you come across bugs or other strange behavior with them.
Still, we felt it was already really nice and sleek. That’s why we’ve chosen to already include it in all ROOT Jenkins instances. By default everyone will still see the familiar, slightly modernized, light colored UI. But if you would prefer the darker variant instead, you can easily enable the Dark theme from your user profile settings in Jenkins.
Check out Introducing the Jenkins Dark Theme at cd.foundation to read more about the background and development of the dark theme.
Please contact your ROOT support for a full list of plugin changes applicable to your ROOT Jenkins instances.
What’s new with JFrog?
What’s new in Artifactory?
In September we rolled out the major upgrade to Artifactory 7. Now it is time for us to upgrade to version 7.7.8 and squash some bugs that we’ve encountered so far, such as the one where JFrog Platform UI would return an internal server error for login attempts with a username with uppercase letters in it. This is now fixed, along with a bunch of other stuff. There are already some new features as well.
With the release of Artifactory 7.7, JFrog has added the first beta version of GraphQL support for Artifactory. It has only a limited set of capabilities to begin with, but new additions will be included in future versions.
“GraphQL is a query language for your API, and a server-side runtime for executing queries by using a type system you define for your data. GraphQL isn't tied to any specific database or storage engine and is instead backed by your existing code and data.” (graphql.org)
Enhancements to existing features
Incremental indexing has been added for the npm indexing mechanism, resulting in reduced time required to build the package index.
See the Artifactory Release Notes at jfrog.com for a complete list of enhancements and changes.
What’s new in Xray?
In October we will be updating JFrog Xray instances from the current 3.6.1 to version 3.8.6. All changes in detail can be found in Xray Release Notes at jfrog.com as always. Highlights are as follows.
Xray 3.8 introduces a new Reports feature, and the first report type to use this new feature is the Vulnerabilities report.
Using the Reports feature, you can now generate a visual representation of vulnerabilities found in your artifacts, builds and release bundles. You can set a specific scope and advanced filters to create a report with the exact data you want to see on it.
Other report types with further capabilities are planned for future releases.
Manage Reports user role
Related to the introduction of the Reports feature, there is now an additional role available in users’ permissions that defines who can create, generate and manage reports in the new Reports feature.
Flexibility and improvements to license management
Xray 3.8 adds a new Multiple License Permissive Approach rule to policy configuration. It gives you more flexibility at the policy level and lets you configure a more permissive approach for situations where a component is detected with multiple licenses, of which some are permitted and some are not. See the instructions for creating policy rules at jfrog.com for specifics.
License detection performance and success rates have been improved, too.
What else is happening in Eficode ROOT?
Eficode ROOT Team Management is updated
RTM receives a minor patch to version 1.4.22, complemented by refinements to external directory (e.g. Azure AD) user and group synchronization.
Nexus IQ gets an update
Sonatype Nexus IQ will receive a lifecycle update to release 98. This level-up brings in a set of improvements and enhancements to REST APIs, overall performance, .NET and Golang analysis and much more. Check out Nexus IQ Release Notes at sonatype.com for full disclosure.