-
Blog: GSoC 2022 Final Report: Improving Supply Chain Security
Project Description: Supply chain security is a rising concern in the current software era. Securing the software supply chain encompasses vulnerability remediation and the implementation of controls throughout the software development process. Due to the massive increase in attacks on the software supply chain and the diversity of their types, Jenkins X has to make efforts to…
-
Blog: Software Bill Of Materials Formats
Prerequisite: If you don’t understand what a Software Bill of Materials (SBOM) is, please read this blog post first. Different SBOM formats comparison: The National Telecommunications and Information Administration (NTIA) in the U.S. defined minimum requirements for SBOM formats: Identifying the supplier of the software component. Identifying the details about the version of the component. Including…
-
Blog: Software Bill Of Materials generation tools
Prerequisite: Before you read this, you have to understand what SBOMs are and what the different SBOM formats are. Different SBOM generation tools comparison: If you got this far, you already realize the importance of SBOM generation, and that it should meet certain requirements to achieve its purpose. Due to various requirements depending on what…
-
Blog: Introduction to Software Bill Of Materials
Introduction: Before going through Software Bill Of Materials (SBOMs), we need to set the ground for a rising concern in the software industry, which is Software Supply Chain Security. Like traditional industries, deploying a piece of a software artifact goes through multiple stages composed of collecting source code components, libraries, tools, and processes used in…
-
Blog: Migrate to Google Artifact Registry
Google has announced that container registry will be shut down some time after March 18, 2025. For GKE clusters created with version 1.12.0 or later of terraform-google-jx it’s unlikely that anything needs to be done, but for older clusters you should upgrade your cluster while considering our advice regarding migration from container registry to artifact…
-
Blog: Improve your changelogs
Background: The execution of jx changelog create has long been a standard part of the Jenkins X pipelines. It takes the commit messages between the release currently being created and the previous one and creates a change log from these. The change log is then stored as a release note in GitHub or…
-
Blog: Reconcile with kpt live apply
Since the dawn of Jenkins X 3 the default last step of reconciling the state of the files in your cluster repository to your cluster has been to execute kubectl apply. You can find more details about this here. There are some drawbacks with kubectl apply though. The one that made me start looking for…
-
Blog: Foreign aliases
Background: In an organisation with many repositories and developers that are frequently shifting, the maintenance of OWNERS and OWNERS_ALIASES files can be tedious. In the past year a couple of functionalities have been added to help with this. Foreign aliases: To avoid maintaining the OWNERS_ALIASES file in many repositories you can now refer to the…
-
Blog: Project ideas for Google Summer of Code 2023 ☀️
We have put together some project ideas as part of our application to participate in the Google Summer of Code 2023 program. 1. CD events integration with Jenkins X. Description: The cdEvents project standardises the way systems talk to each other, which enables interoperability between systems so they speak a common language through the cdEvents…
-
Blog: GSoC 2022 Final Report: Building Jenkins X UI
Jenkins X New UI: It is a web application built with Golang for the backend and Sveltekit for the frontend, both of which are built together and used in the same container. To function properly, it must be installed as a helm chart with Jenkins X CRDs. 🌟 It has light and dark themes. Why…