CloudBees combs code to sweeten continuous compliance

The buzzy honey-based developers over at CloudBees have been busy this autumn/fall season.

The company (known for its software delivery technologies) has announced CloudBees Compliance, a compliance and risk analysis capability that spans all aspects of software delivery.

What is the full ‘aspect’ that CloudBees seeks to cover?

From software architecture, design, development and commit through to production.

CloudBees Compliance will debut at the start of 2022 but is already running test deployments.

The company is calling it peace of mind through ‘always-on’ compliance.

CloudBees Compliance is able to assert the compliance of code, binary artifacts, data, identity and infrastructure environments in a transparent and continuous fashion. It claims to provide developers with targeted, actionable feedback so that issues can be fixed at the source.

It’s all about the road to what they call ‘remediation orchestration’, which is a mouthful… but possibly a tasty one.

Neuralprints acquisition

The underlying technology for CloudBees Compliance, which extends the robust compliance and security capabilities of the CloudBees Platform, was acquired from Neuralprints. CloudBees Compliance will be available for both SaaS and self-managed deployments.

“Shifting left is not enough for enterprises that are highly regulated, highly complex and operating at extraordinary scale,” said Stephen DeWitt, CloudBees CEO. “Putting code into production that doesn’t work, whatever the reason, isn’t a viable option; the risks and costs are just too high. What enterprises want and need is immediate and actionable feedback at every point of the software delivery lifecycle so that they have the peace of mind of being compliant at all times, all while enabling developers to focus on creating business value.”

CloudBees Compliance runs as an integral, always-on part of the software delivery process, continuously verifying code, binary artifacts, data, identity and infrastructure compliance so developers can address issues in what is said to be real time.

With the launch of this new capability, the idea (or perhaps promise) is that developers no longer need to try to be security experts, learn disparate tools or keep up to date on changing regulations.

Common repository of rules

This technology uses a common repository of rules to check compliance, then deduplicates alerts across affected files to eliminate false-positive alert storms.

In addition, CloudBees Compliance allows teams to set their own custom thresholds based on their risk tolerance and aggregates data from multiple security tools to provide a clear and reliable risk position for each release. After code is released to production, CloudBees Compliance continues to verify code against the rules and adapts to policy changes.

CloudBees plans to establish a program for security vendors, consulting firms and risk management partners to create compliance solutions and services that combine CloudBees Compliance with their knowledge and expertise as value-added offerings for their customers.