This is going to be yet another feature-packed month for Eficode ROOT, with updates to Atlassian’s Confluence, the JFrog platform, Eficode ROOT Team Management and more.
More insight into your site with Data pipeline
Data Center only
A Confluence Administrator can now export the current state data of Confluence and feed it into a business intelligence platform (such as Tableau). The raw data includes things like titles, URLs, users, and creation and modification dates for pages, attachments and comments.
Using this data, you can, for example:
- create visualizations and reports on user activity.
- gain a better understanding of how your users use Confluence.
Learn more about Data pipeline at atlassian.com.
What’s new in the Confluence ecosystem?
Draw.io Diagrams for Confluence
- Fixes an XML External Entity (XXE) injection vulnerability. This vulnerability allows authenticated users with attachment permissions to carry out an XXE attack.
Page Tree Creator (formerly known as Space Tree Creator)
- The Space Tree Creator becomes the Page Tree Creator and can not only create spaces but also pages!
- Adds the capability to enable/disable inline comments per macro. The setting is in the MultiExcerpt macro and affects whether or not inline comments on content in the body of the MultiExcerpt will be rendered in MultiExcerpt Includes.
- Adds the capability for an admin to separately control the global setting for inline comment rendering in MultiExcerpt Includes vs Confluence Excerpt Includes.
SAML Single Sign On (Confluence SSO)
New User Sync 2.0:
- Overhauled user interface for easier configuration
- Improved setup for Google Cloud Identity (formerly known as G Suite)
- New attribute mapping with presets and transformations for common cases
- Groovy transformations for advanced use cases
- Linchpin User Profiles integration
- Integrated tutorial videos
- Experimental support for SCIM 2.0 and custom Groovy-driven connectors
PHP Composer repositories receive some love
Artifactory now supports PHP Composer V2, and starting with Artifactory 7.24, Local PHP repositories will automatically be created in V2. Your existing Composer repositories, however, will remain unchanged and Composer V1 will be set as the default for them.
In addition to this, you can also upload Drupal version 7 and 8 packages to remote repositories.
Identity tokens for secure scoped access
You can now create identity tokens in your user profile. Compared to the usual API tokens, which can permit access to everything a user has access to, identity tokens are scoped tokens, which means that they can be used to provide limited access to a certain, defined scope only. Check out User profile documentation at jfrog.com to learn more.
Numerous feature enhancements in Artifactory
Improved Docker experience
The Docker Remote Repository flow has been improved by reducing the number of requests made towards the remote repository.
There’s also support for Docker Buildx, which allows you to easily build and push multi-architecture images.
Helm Virtual Repositories get namespace support
Namespaces can now be assigned to local and remote repositories in Helm Virtual Repositories, allowing you to explicitly state which of the aggregated repositories to use for fetching a chart. Before, requesting a chart via a Helm Virtual Repository would have simply returned the first chart that matched the requested name, which may or may not have been the one you actually wanted.
- The Native artifacts browser - the plain HTML structured tree view into a repository - is now available via the artifact URL or via the artifact’s Action menu. And there’s no need to re-authenticate anymore when accessing it!
- The Priority Resolution feature has been extended to support Puppet packages as well.
- Metadata retrieval performance has been improved for remote repositories.
And much more, all of which you can find in Artifactory Release Notes at jfrog.com! Be sure to check it out.
Ensure your dependencies are up to par with the Xray Dependencies Scan
Xray now provides the capability for verifying your Maven, Gradle and npm dependencies. You can scan for possible security and license violations in the dependency packages even before you check in any code. Using the JFrog CLI command line tool, you can simply point it to your source directory and have Xray scan through it -- without having to build or publish the code first.
Using JFrog CLI, you can have Xray scan through the dependencies in your source tree in the same way it would when run against published artifacts in Artifactory repositories. The CLI utility returns a detailed scan results report that contains all the details of the possible problems discovered in your dependency tree.
Learn more about Xray Dependencies Scan at jfrog.com.
On-demand binary scan for files outside Artifactory
You can also use JFrog CLI to scan your local binaries with Xray when needed, without having to first upload or publish them to Artifactory! You can point JFrog CLI to a binary on your local file system and receive an Xray report that contains a list of vulnerabilities and licenses pertinent to that binary.
JFrog CLI has a built-in (proprietary closed-source) logic for extracting the binary and composing a component graph of it, similar to how Xray scans your binaries in Artifactory repositories. After a successful scan, the CLI will return a detailed scan results report that contains details of the vulnerabilities, violations and licenses discovered in the binary.
Learn more about Xray On-Demand Binary Scan at jfrog.com.
GitLab is turned all the way up to 14
With the new major version of GitLab, there are more than a few noteworthy things happening.
As you might expect, a major upgrade is not without some breaking changes. You probably want to check out the complete list of breaking changes at gitlab.com to see if there's something that applies to your use case.
One thing you will certainly notice is the name of the default branch in Git. Keeping in line with the Git project and broader community, the default branch name for new projects in GitLab will now be main.
This release of GitLab adds support for building, publishing and sharing Helm charts by introducing Helm Registry to its repertoire of supported package manager formats.
Given GitLab’s ever expanding functionality, it was time to make some changes to the way you access all of it.
GitLab 14 introduces a new streamlined top navigation menu to help you get to where you’re going faster and with fewer clicks. This new menu consolidates the previous Projects, Groups and More menus into one.
The left sidebar has also been restructured and redesigned to improve its usability. Features in the Operations menu have been split into three distinct menus. It's also more accessible thanks to the improved visual contrast and optimized spacing of the items.
Lots and lots more
As is the case with GitLab, they have published their release notes with such exhaustive detail, it would be pointless for us to try and list everything here.
Jenkins’ monthly level-up
As usual, Jenkins gets a round of updates to both Jenkins Core and its plugins. Jenkins itself is updated to the fresh LTS release 2.303.1, along with fixes and enhancements for Pipelines, Blue Ocean and many others.
Please contact your ROOT support team for a full list of plugin updates applicable to your ROOT Jenkins instance.
This release of Nexus IQ includes various enhancements to features and overall performance, and addresses a few bugs discovered.
On the analysis front, IQ Server can now be used to evaluate policies against:
- Python components defined in poetry.lock files.
- components from the dependency file of a Swift application.
A new Continuous Risk Profile feature of Nexus IQ for SCM keeps default branch policy evaluations up to date by executing policy evaluations periodically, and whenever a change is detected on a default branch. See the documentation for Continuous Risk Profile - Nexus IQ for SCM at sonatype.com for more details.
Also check out the overall Release Notes for Nexus IQ Server at sonatype.com for details on all changes introduced by this update to release 121.
Eficode ROOT Team Management
RTM’s latest release is focused on making the LDAP interface and Synchronizer better.
Last login timestamps for LDAP
RTM LDAP service can now be configured to log the last successful logins towards the LDAP interface. This can be useful information for tracking user activity in other tools, which implement their authentication using RTM LDAP. This information can be easily retrieved for every user using the RTM REST API.
Stability and performance improvements
Both RTM LDAP and RTM Synchronizer have received multiple updates, improving on the overall stability of both services and making things happen quicker than before, thanks to various optimizations made to both.
SonarQube LTS is updated from the original LTS release 8.9.0 to the latest version 184.108.40.206101. This is a bugfix release, which corrects faults discovered in the initial release.
Community plugin updates
SonarQube Community Branch Plugin version 1.8.1
- Plugin is updated from version 1.8.0 to 1.8.1
- Allows decorating GitLab Mono Repositories and Azure DevOps Mono Repositories
- Allows multiple configurations to be defined for each ALM in SonarQube global settings
- Fixes the bug in saving project level new code settings (#272, #379)
- See Version 1.8.1 notes at github.com for more details
SonarQube C++ Community plugin version 2.0.4
- Plugin is updated from version 2.0.0 to 2.0.4
- Fixes various bugs encountered with the initial 2.0.0 release, which was introduced with the new 8.9 LTS
- See SonarQube C++ Community Plugin releases at github.com for more details
ZAP Plugin for SonarQube
- Plugin is updated from version 2.2.0 to 2.3.0
- Adds support for multibranch
- Updates internal dependencies and libraries
- See OtherDevOpsGene/zap-sonar-plugin at github.com for further details
Published: September 1, 2021
Updated: April 19, 2022