Archive

Enhancements

• Customers can now opt in to an automated procedure that aims to lock inactive users. This makes sense to increase security, but also helps to save paid licenses, since all license assignments are removed from a user when it's locked.
  The default config of the feature will send emails twice a week to users which have not logged in for 90 days to any tool or the DevOps Portal. The email asks the user to simply log in to the DevOps Portal or any other tool to be regarded again as active. If this is not done, and the grace period of 10 days has passed, the user is locked.
• For continuous operation of Portal API scripts, it's now possible to create and administer Technical Portal Users on the technical users page. Use with care, since these Portal Tech Users have the full power of Portal Admins and therefore could delete all projects and users! Like the Portal API itself, the feature is only enabled on request of the customer. In addition, Portal Tech Users can only call the API from well-defined IP addresses of the customer.

Improvements

• Improved error messages when outdated or already used activation links are called. The presented information is balanced between the best possible user feedback and security requirements.
• Keycloak update

New Tool

Dependency-Track was added as an optional tool to DevOps-as-a-Service.

Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects and the continuously monitors dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle.

The Jenkins Shared Library will automatically create SBOM files for maven projects and upload them to Dependency-Track.

For more information, see Dependency-Track.

Improvements

• The description field on the project details page was moved more towards the top to make clear that it's a general field and not tool-specific.

Security

• The internal representation of a user in Jenkins is now automatically deleted, when the user is deleted in the DevOps Portal. This ensures that API tokens of deleted users are no longer usable.

Bugfixes

• The sorting functionality in the audit log was not consistently working across all fields, and some fields exhibited instability both in graphical representation and sorting behavior.