Background A standard part of the Jenkins X pipelines since a long time is the execution of jx changelog create that takes the commit messages between the release currently being created and the previous one and creates a change log from these. The change log is then stored as a release note in GitHub or other git provider. During the last year some improvements have landed in various Jenkins X components to improve the changelogs and their usefulness. So I’ll take this opportunity to describe these improvements and also in general give hints to how to get useful changelogs. Overview of major ..read more

Since the dawn of Jenkins X 3 the default last step of reconciling the state of the files in your cluster repository to your cluster has been to execute kubectl apply. You can find more details about this here. There are some drawbacks with kubectl apply though. The one that made me start looking for alternatives was that if you remove a resource from your cluster repository it may not be removed from your cluster. The way deletion works with kubectl apply is that it is handed the option --prune which will remove resources that are not in the manifests. Except that it doesn’t always work as ex ..read more

Jenkins X New UI It is a web application built with Golang for the backend and Sveltekit for the frontend, both of which are built together and used in the same container. To function properly, it must be installed as a helm chart with Jenkins X CRDs. ? It has light and dark themes. Why need a new UI? A good UI is essential for a CI/CD tool, as not everyone is familiar with the CLI. The current UI (jx-pipeline-visualizer) is a read-only UI, the user can view the logs of PipelineActivity but neither can start nor stop the pipeline. Features that the UI will provide: Start and Stop a Pipeline ..read more

Project Description Supply chain security is a rising concern is the current software era. Securing the software supply chain encompasses vulnerability remediation and the implementation of controls throughout the software development process. Due to massive increase in Attacks on software supply chain and the diversity of its types, Jenkins X has to make efforts to ensure that the build process is secure. As part of making Jenkins X an end-to-end solution for CI/CD I worked on both securing our own components and enabling our users to use these features during using our CI/CD for build and re ..read more

We are excited to announce that Jenkins X will be participating in Hacktoberfest again this year! Hacktoberfest is a month-long global celebration of open source software. All backgrounds and skill levels are encouraged to participate in Hacktoberfest and join a global community of open source contributors. Learn more about Hacktoberfest and sign up here. Contribute to Jenkins X We welcome your contributions to the Jenkins X project! Issues labelled “hacktoberfest” generally indicate good first issues. However, all pull requests will count towards your Hacktoberfest challenge. Refer to the con ..read more

Introduction Before going through Software Bill Of Materials (SBOMs), we need to set the ground for a rising concern in the software industry which is Software Supply Chain Security. Like traditional industries, deploying a piece of a software artifact goes through multiple stages composed of collecting source code components, libraries, tools, and processes used in those stages. Fig. 1 https://blog.convisoappsec.com/en/is-your-software-supply-chain-secure/ A supply chain attack can occur along the chain from submitting unauthorized malicious code in your source, unauthorized injection of har ..read more

Prerequisite If you don’t understand what is Software Bill of Materials (SBOM), please read this blog post first. Different SBOM formats comparison The National Telecommunications and Information Administration (NTIA) in the U.S. defined minimum requirements for SBOM formats: Identifying the supplier of the software component. Identifying the details about the version of the component. Including unique identifiers for the component like cryptographic hash functions. Including the relationships between all dependencies inside the component. Including a timestamp of when and by whom the SBOM re ..read more

Prerequisite Before you read this, you have to understand what are SBOMs and what are different formats of SBOMs Different SBOM generation tools comparison If you got this far, you already realize the importance of SBOM generation, and also it should meet certain requirements to achieve its purpose. Due to various requirements depending on what standard you’re following, there has to be a way to automatically generate different output formats for different standards. Also, it has to be suited for ci/cd solutions to keep up with the increasing number of releases for each organization. Note: Her ..read more

Introduction Hello everyone, I am Rajat Gupta, pursuing my bachelor’s in Information Technology. In 2022, I have been selected as a student developer in Google Summer of Code under Jenkins X. We will be building a new UI for Jenkins X. I got this news on May 20th, as I received an email from google. How I started The technologies needed were Golang, Kubernetes, and GitOps. I used golang only once before, while linting Jenkins X codebase, I only used Kubernetes once before while setting up a k3s cluster to run Jenkins X pipelines. These tasks were necessary to do for all GSoC participants. Apar ..read more

To allow Jenkins X to support Kubernetes 1.22, we had to update our version of Tekton. This updated version of Tekton contains breaking changes that has consequences if you made your own custom Jenkins X pipelines. To make sure that your custom pipelines continue to work after this upgrade, you must edit the resource settings in your pipelines. Otherwise your pipelines will most likely not be able to start at all, or if they do, consume a lot of resources. Changes in Tekton version 28 Tekton made changes in how to calculate the resources needed to run a pipeline, in order to support the concep ..read more