Release Notes

New Tool

Dependency-Track was added as an optional tool to DevOps-as-a-Service.

Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects and the continuously monitors dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle.

The Jenkins Shared Library will automatically create SBOM files for maven projects and upload them to Dependency-Track.

For more information, see Dependency-Track.

Improvements

• The description field on the project details page was moved more towards the top to make clear that it's a general field and not tool-specific.

Security

• The internal representation of a user in Jenkins is now automatically deleted, when the user is deleted in the DevOps Portal. This ensures that API tokens of deleted users are no longer usable.

Bugfixes

• The sorting functionality in the audit log was not consistently working across all fields, and some fields exhibited instability both in graphical representation and sorting behavior.