Blog

Enhancements

• Customers can now opt in to an automated procedure that aims to lock inactive users. This makes sense to increase security, but also helps to save paid licenses, since all license assignments are removed from a user when it's locked.
  The default config of the feature will send emails twice a week to users which have not logged in for 90 days to any tool or the DevOps Portal. The email asks the user to simply log in to the DevOps Portal or any other tool to be regarded again as active. If this is not done, and the grace period of 10 days has passed, the user is locked.
• For continuous operation of Portal API scripts, it's now possible to create and administer Technical Portal Users on the technical users page. Use with care, since these Portal Tech Users have the full power of Portal Admins and therefore could delete all projects and users! Like the Portal API itself, the feature is only enabled on request of the customer. In addition, Portal Tech Users can only call the API from well-defined IP addresses of the customer.

Improvements

• Improved error messages when outdated or already used activation links are called. The presented information is balanced between the best possible user feedback and security requirements.
• Keycloak update

New Tool

Dependency-Track was added as an optional tool to DevOps-as-a-Service.

Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects and the continuously monitors dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle.

The Jenkins Shared Library will automatically create SBOM files for maven projects and upload them to Dependency-Track.

For more information, see Dependency-Track.

Improvements

• The description field on the project details page was moved more towards the top to make clear that it's a general field and not tool-specific.

Security

• The internal representation of a user in Jenkins is now automatically deleted, when the user is deleted in the DevOps Portal. This ensures that API tokens of deleted users are no longer usable.

Bugfixes

• The sorting functionality in the audit log was not consistently working across all fields, and some fields exhibited instability both in graphical representation and sorting behavior.

Improvements

• The "Manage Watcher list" permission in Jira projects is now granted to the ADMIN and MASTER role.
• For RETIRED projects, the tool links are no longer clickable.

Bugfixes

• If a lot of artifacts were pushed to a Harbor project it could happen, that the project could not be properly deleted. This is fixed now.
• For some cases, it could happen that a change of the display language was not properly saved. This is fixed now.
• It could happen when a Portal Admin tried to delete a retired project that the error message which says that the project has to spend more time in the RETIRED stated was not properly displayed.

Improvements

• Upgraded Portal back-end from Java 17 to 21.
• Reinvites are now recorded in the audit log.
• The version number on the bottom left of the dashboard is now linked to this blog with the release notes.

Bugfixes

• The Jira Agile Board Management Change mentioned in DevOps Portal 1.9.3 was not applied correctly to boards named only "PKEY". This has been fixed.
• Due to a race condition on the project details page, it could happen that all default tools were shown as selected, instead of the tools which were indeed part of the project. The bug was present in 2.0.0 only.

New Design

• The main menu was moved from the top to the left to better match the 16:9 layout of current screens. For more clearness, the expanded menu with icons and labels can be used:
  
  Or for a maximum of available space, the collapsed menu just with icons:

• 

Enhancements

• The DevOps Portal was upgraded to Angular 19.
• Prepared the upcoming feature for technical users which can access the Portal Rest API.

Improvements

• All sub wikis in XWiki now automatically get the same magenta theme like the main wiki.

Improvements

• Improved Rest API concerning checks for missing arguments and providing more defaults.
• Improved content of some mail notifications on user and role changes.

Bugfixes

• A column header on the Users page was lost in 1.9.3, but is back again.
• Fixed formatting on password change page.

Jira Agile Board Management Change

The existing feature and the reason for the change

When a project is created on Jira, Jira automatically creates a Scrum Board for the project, which is named by the project key. It was always possible, that the Project Admin later decides to have a Kanban board instead. To achieve this, the Project Admin can create a new agile board and delete the old one. Since the DevOps Portal automatically sets the Administrators of the board to match the Admins of the project, it's necessary for the DevOps Portal to find the correct board. Unfortunately, Jira doesn't maintain a connection between projects and boards. Therefore, the old algorithm was choosing the oldest board with a filter query on the project. But since all Jira users can create boards and in addition filter queries can be constructed, which reference multiple projects, it was possible to get into corner cases where the DevOps Portal was managing the Administrators of the wrong board. Therefore, the algorithm was changed. The filter query used by the board is no longer important. Instead, only the name of the board is relevant. The new algorithm even allows it keeping the Administrators of multiple boards in sync with the Admins of a project.

The enhanced feature

When a project is resynced or an Admin is added or removed from a project, the DevOps Portal will set the Administrators of the matching boards to the list of Project Admins. To qualify for a match, the board name has to start with the project key. For example, if the project key is "PKEY":

• Board names like "PKEY", "PKEY Kanban Board", "PKEY_Team_Board", "PKEY-CoolBoard" etc. will have their Administrators managed by the DevOps Portal
• Board names like "_PKEY MyBoard" or "Joe's Board" don't have a "PKEY" prefix. They will not be managed by the DevOps Portal.

Required actions on your side

• If nobody manually created boards, you don't have to change anything, since "PKEY" is the default name of boards which are automatically created. So they will be still found and managed by the DevOps Portal as before.
• If anybody manually created boards, please check the names and rename as necessary to get the desired behavior.
• Since board Administrators can rename their boards, all of them can decide themselves by eventually renaming the board, if they want to keep a Team board managed by the DevOps Portal or if they want to have an independent board, where the list of Administrators is manually maintained in Jira.

Enhancements

• It's now possible to assign the agent-admin role to Jenkins tech users using the checkbox "Allow to administer agents"
  For more details see Connecting Inbound Jenkins Agents.
• The REST API was extended and now supports all required management operations for projects. This contains CREATION/POST, PATCH, RETIRE and REACTIVATE as well as DELETE.

Improvements

• If a user is set to be a component lead of one or more components in a Jira project, these assignments are automatically removed when the role of the user is removed. Therefore, if you use component leads in your project, check if some components have no longer a lead, after you removed the role of a user.
• Switched to new translation mechanism of messages in the portal.
• Added documentation for XWiki.

Bugfixes

• When Jira was added to an existing project, it was not possible to select a non-default Workflow Scheme, Issue Type Scheme or Issue Type Screen Scheme.
• Manual language selection on the login screen did work properly only with the keyboard, but not using the mouse.

New feature

• Bitbucket git repositories are now automatically connected with SonarQube results. This enables the Pull-request decoration in Bitbucket which is supported by SonarQube instances with Developer or Enterprise licenses. In addition, the delivery pipeline can now set the desired quality gate for the git repository.
  To successfully use the new feature, at least v3.4.0 of the Jenkins Shared Library has to be used. For more information see the DevOps-as-a-Service Jenkins Library Changelog.

Enhancements

• Prepared support for the tool Dependency Track which will allow automated SBOM analysis together with Jenkins.
• AI Operator is now automatically connected to Jira using a read-only technical user. To enable the feature for existing projects with AI Operator and Jira a Project Admin simply needs to edit and save the project. This adds more functionality to AI Operator since it can now read all your Jira issues in addition to Confluence pages.
• Added RestAPI for user management. Portal Admins can now use the API to create, update or delete users. All other status transitions are also supported like e.g. lock and unlock. See Swagger screenshot below:
  

Improvements

• Since the DevOps Portal sometimes requires technical user accounts with assigned licenses to connect one tool with another, the Create Project page has been improved to make this more transparent. Lets's say you have selected some tools for a new project. Now you also select Jenkins. Then some info messages will appear and show you which tool will have to contribute 1 or 2 licenses for a successful connection with Jenkins. The following screenshot shows a sample tool selection with and without Jenkins.
    →  
• The Workspace read permission in Jenkins is now also granted to DEVELOPERs, not only ADMINs and MASTERs. This improves self-service for DEVELOPERs for troubleshooting build failures.
• The Health Checks page for Portal Admins was removed. Due to technology changes, it did no longer offer any added value. Instead, use the dashboards which are automatically available for all users in the Main Org of Grafana to see much more metrics and statuses.
• Changes of the 2FA setting of a user are now more clearly logged in the Audit Log.
• The instructions a new user sees in emails or in the web browser during onboarding are now different depending on if 2FA was enabled or not. This makes it easier to understand and follow the process.

Bugfixes

• When the DevOps-as-a-Service session timed out after 5 hours of inactivity, it could happen that a still opened DevOps Portal was not correctly redirecting the user to the login page, but instead was showing an error. This was a problem caused by the new JWT implementation introduced in DevOps Portal 1.9.1 and has been fixed.
• Some links in the footer were not correctly adapted when the user changed his or her favorite language.

Enhancements

• Added support for the Version Manager for Jira plugin. The presence of the additional permission "Manage Versions" is automatically detected and assigned to the project roles ADMIN and MASTER. Therefore, the plugin effectively allows MASTERs and not only ADMINs to manage versions for their project. To change it for an existing project, simply Edit and Save the project again.
• Switched from classic session handling (JSESSIONID) to JSON Web Token (JWT). See https://jwt.io/introduction for more information. From the perspective of the user, this change is mostly invisible. If you are a REST API pilot customer, please note that the token expires quickly and needs to be renewed. The curl examples shown on the swagger page in the DevOps Portal already use JWT and can be used as is. To support M2M communication in the future, we plan to add Technical Users for the Portal REST API.
• The link DOaaS Metrics was added to the Grafana tile on the Home page. It leads to the DevOps-as-a-Service Metrics which are available for every user who has the Grafana tool assigned. For more information, see Grafana DOaaS Metrics

Improvements

• Added official AI Operator logo on the Home page for projects which are using this tool.
• Prepare support for sending email notifications from Gitea.
• The menu item Account → Sign out will now immediately logout from the DevOps Portal and all tools without a confirmation question.
• Actions performed by DOaaS Operators like e.g. a project resync, which could be necessary after an update, are now visible in the audit log for Portal Admins.

Bugfixes

• Some manually constructed URLs could result in an HTTP error code of 500 instead of 404. This is fixed now.

New feature

• The DevOps Portal is now supporting auto-provisioning Grafana. Grafana  is the leading open-source tool for monitoring and visualizing data from sources such as Prometheus, Loki, Databases, and more. It allows users to create interactive dashboards and set-up alerts to monitor application metrics as well as system performance and trends in real time. Grafana is rolled-out in May for all customers. You can add Grafana to any of your existing projects. This adds the Grafana tile to the Homepage of your project on the DevOps Portal.
  
  See Grafana concerning all details of the integration.

Improvements

• Improved possibilities to support customers within their Portal.
• Updated design to new T-Systems logo.
• The regular expression used to validate email addresses is now stricter than before to spot impossible addresses earlier in the onboarding process of new users.
• Improved formatting of long audit log entries.
• In addition, includes all improvements from DevOps Portal 1.8.6